Improper Access Control in AMD SEV-SNP Product by AMD
CVE-2025-0033

6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7003 Series Processors (formerly Codenamed "milan"); Amd Epyc™ 9005 Series Processors (formerly Codenamed "turin")
Vendor: CVE Published:; 14 October 2025

Badges

📰 News Worthy

What is CVE-2025-0033?

An improper access control vulnerability in AMD's SEV-SNP technology could enable an attacker with administrative privileges to write to the Read Memory Protection (RMP) during the Secure Nested Paging (SNP) initialization process. This could potentially compromise the integrity of the SEV-SNP guest memory, allowing unauthorized manipulation of memory resources.

Affected Version(s)

AMD EPYC™ 7003 Series Processors (formerly codenamed "Milan") MilanPI 1.0.0.H

AMD EPYC™ 9005 Series Processors (formerly codenamed "Turin") TurinPI 1.0.0.6

News Articles

The Hacker News

CVE-2025-0033

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

AMD patches CVE-2025-0033 “RMPocalypse,” a flaw allowing full SEV-SNP VM compromise via RMP overwrite.

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by The Hacker News
Oct 14, 2025
Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Nov 21, 2024

JSON

Amd

Badges

What is CVE-2025-0033?

Affected Version(s)

News Articles

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

References

CVSS V3.1

Timeline