Firmware Vulnerability in AMD Secure Processor Affecting Zen 5 Products
CVE-2025-54510

5.9MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Epyc™ 9005 Series Processors; Amd Epyc™ 8004 Series Processors
Vendor: CVE Published:; 16 April 2026

What is CVE-2025-54510?

A missing lock verification flaw in the AMD Secure Processor firmware can be exploited by an attacker with local administrative privileges. This vulnerability allows for unauthorized alterations in Memory-Mapped I/O (MMIO) routing on certain Zen 5-based products, which may lead to significant compromises in the integrity of guest systems. Operating systems relying on these products could be at risk, necessitating immediate attention and remediation from affected users.

Affected Version(s)

AMD EPYC™ 7003 Series Processors MilanPI-SP3_1.0.0.J

AMD EPYC™ 8004 Series Processors GenoaPI_1.0.0.H

AMD EPYC™ 9004 Series Processors GenoaPI_1.0.0.H

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Jul 23, 2025

CVE-2025-54510 Data

JSON

Amd

What is CVE-2025-54510?

Affected Version(s)

References

CVSS V4

Timeline