Local Privilege Escalation Vulnerability in AMD Secure Processor
CVE-2025-61972

8.5HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Series Processors; Amd Epyc™ 9005 Series Processors; Amd Epyc™ 8004 Series Processors; Amd Epyc™ Embedded 9004 Series Processors (formerly Codenamed "genoa")
Vendor: CVE Published:; 13 May 2026

What is CVE-2025-61972?

The vulnerability arises from the lack of lock bit protection for NBIO registers within the AMD Secure Processor. This oversight can be exploited by an attacker with local admin privileges, granting them unauthorized access to the System Management Network (SMN). The exploitation may lead to arbitrary code execution within the AMD Secure Processor, ultimately compromising the confidentiality and integrity of SEV-SNP guest environments.

Affected Version(s)

AMD EPYC™ 8004 Series Processors GenoaPI_1.0.0.H

AMD EPYC™ 9004 Series Processors GenoaPI_1.0.0.H

AMD EPYC™ 9005 Series Processors TurinPI_1.0.0.8

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Oct 4, 2025

CVE-2025-61972 Data

JSON

Amd

What is CVE-2025-61972?

Affected Version(s)

References

CVSS V4

Timeline