Privilege Escalation Vulnerability in AMD Platform Configuration Blob SMM Driver
CVE-2025-54502

7.1HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Epyc™ 7002 Series Processors; Amd Epyc™ 4004 Series Processors
Vendor: CVE Published:; 16 April 2026

What is CVE-2025-54502?

A security flaw in the AMD Platform Configuration Blob's System Management Mode (SMM) driver enables a local privileged attacker to exploit incorrect boot service usage. This vulnerability may lead to privilege escalation, potentially allowing arbitrary code execution on the affected system, posing significant risks for data integrity and system stability. Systems using the AMD Platform Configuration Blob should be evaluated and patched promptly to prevent exploitation.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5_1.0.1.2e

AMD EPYC™ 4004 Series Processors ComboAM5PI 1.0.0.d

AMD EPYC™ 7002 Series Processors Rome-1.0.0.P

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Jul 23, 2025

CVE-2025-54502 Data

JSON

Amd

What is CVE-2025-54502?

Affected Version(s)

References

CVSS V4

Timeline