Local Privilege Escalation Vulnerability in AMD Processor Configuration
CVE-2025-61971

5.9MEDIUM

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Epyc™ 9005 Series Processors; Amd Epyc™ 8004 Series Processors
Vendor: CVE Published:; 13 May 2026

What is CVE-2025-61971?

A vulnerability exists in AMD processors due to missing lock bit protection for NBIO registers. This oversight may permit a local admin-privileged attacker to alter MMIO routing configurations. If exploited, this could compromise the integrity of SEV-SNP guests, leading to potential data breaches or unintended access to sensitive information.

Affected Version(s)

AMD EPYC™ 7003 Series Processors MilanPI-SP3_1.0.0.J

AMD EPYC™ 8004 Series Processors GenoaPI_1.0.0.H

AMD EPYC™ 9004 Series Processors GenoaPI_1.0.0.H

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Oct 4, 2025

CVE-2025-61971 Data

JSON

Amd

What is CVE-2025-61971?

Affected Version(s)

References

CVSS V4

Timeline