Access Control Vulnerability in SEV Firmware by AMD
CVE-2025-48514

4MEDIUM

Key Information:

Vendor

Amd
Status
Amd Epyc™ 9004 Series Processors
Amd Epyc™ 7003 Series Processors
Amd Epyc™ 9005 Series Processors
Amd Epyc™ 8004 Series Processors
Vendor
CVE Published:
10 February 2026

What is CVE-2025-48514?

The access control flaw in AMD's SEV firmware allows a privileged attacker to instantiate a SEV-ES Guest. This configuration can be exploited to target SNP guests, posing a significant risk to data confidentiality. Organizations using affected versions should urgently apply patches to mitigate these vulnerabilities.

Affected Version(s)

AMD EPYC™ 7003 Series Processors MilanPI 1.0.0.H

AMD EPYC™ 8004 Series Processors Genoa++_1.0.0.H

AMD EPYC™ 9004 Series Processors Genoa++_1.0.0.H

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.