Improper Access Control in AMD Secure Encrypted Virtualization Firmware
CVE-2025-29948

5.9MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9005 Series Processors; Amd Epyc™ Embedded 9005 Series Processors
Vendor: CVE Published:; 10 February 2026

What is CVE-2025-29948?

The AMD Secure Encrypted Virtualization (SEV) firmware has a vulnerability that stems from improper access control mechanisms. This issue could allow a malicious hypervisor to circumvent the RMP (Runtime Memory Protection) safeguards, leading to possible compromise of the integrity of SEV-SNP guest memory. Such unauthorized access poses significant risks to the security and privacy of virtualized environments, necessitating prompt attention to patch the affected firmware and mitigate potential exploitation.

Affected Version(s)

AMD EPYC™ 9005 Series Processors TurinPI 1.0.0.6

AMD EPYC™ Embedded 9005 Series Processors EmbTurinPI-SP5_1.0.0.1

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Mar 12, 2025

CVE-2025-29948 Data

JSON

Amd

What is CVE-2025-29948?

Affected Version(s)

References

CVSS V4

Timeline