Access Control Vulnerability in SEV Firmware by AMD
CVE-2025-48514
4MEDIUM
Key Information:
- Vendor
Amd
- Status
- Vendor
- CVE Published:
- 10 February 2026
What is CVE-2025-48514?
The access control flaw in AMD's SEV firmware allows a privileged attacker to instantiate a SEV-ES Guest. This configuration can be exploited to target SNP guests, posing a significant risk to data confidentiality. Organizations using affected versions should urgently apply patches to mitigate these vulnerabilities.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
AMD EPYC™ 7003 Series Processors MilanPI 1.0.0.H
AMD EPYC™ 8004 Series Processors Genoa++_1.0.0.H
AMD EPYC™ 9004 Series Processors Genoa++_1.0.0.H
References
CVSS V4
Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved