Insufficient Parameter Sanitization in AMD Secure Processor Boot Loader
CVE-2025-48515

5.4MEDIUM

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 4000 Series Desktop Processors
Vendor: CVE Published:; 10 February 2026

What is CVE-2025-48515?

The vulnerability arises from inadequate parameter sanitization in the AMD Secure Processor Boot Loader. This flaw allows an attacker with access to SPIROM to manipulate inputs, which may lead to memory overwriting. Successful exploitation of this vulnerability can enable arbitrary code execution, potentially jeopardizing the integrity and security of the affected system.

Affected Version(s)

AMD Ryzen™ 4000 Series Desktop Processors RenoirPI-FP6_1.0.0.Ec

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics RenoirPI-FP6 1.0.0.Ed

AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics ComboAM4v2PI_1.2.0.11

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
May 22, 2025

CVE-2025-48515 Data

JSON

Amd

What is CVE-2025-48515?

Affected Version(s)

References

CVSS V4

Timeline