Improper Access Control Vulnerability in AMD Products
CVE-2025-0040

5.3 MEDIUM

What is CVE-2025-0040?

An improper access control vulnerability exists in the interaction between the Joint Test Action Group (JTAG) and the Advanced Extensible Interface (AXI) in several AMD products. An attacker with physical access could exploit this weakness to read or modify the contents of cross-chip debug (XCD) registers. Such unauthorized access may lead to serious security concerns, including loss of data integrity and confidentiality, underscoring the importance of safeguarding physical access to affected devices.

Affected Version(s)

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics: PhoenixPI-FP8-FP7_1.2.0.B

AMD Ryzen™ 8000 Series Desktop Processors: ComboAM5PI 1.2.0.3d

AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics: PhoenixPI-FP8-FP7_1.2.0.B

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Physical
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
