{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54505", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2025-07-23T15:01:50.733Z", "datePublished": "2026-04-27T15:16:04.613Z", "dateUpdated": "2026-04-29T03:04:47.232Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-04-27T15:16:04.613Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 7001 Series Processors", "versions": [{"version": "OS update", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "versions": [{"version": "OS Update", "status": "unaffected"}]}], "datePublic": "2026-04-27T15:15:36.000Z", "descriptions": [{"lang": "en", "value": "A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality. <br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1420", "description": "CWE-1420 Exposure of Sensitive Information during Transient Execution", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7053.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "baseScore": 2, "baseSeverity": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T16:04:59.813520Z", "id": "CVE-2025-54505", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T16:05:37.627Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://xenbits.xen.org/xsa/advisory-488.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-29T03:04:47.232Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://xenbits.xen.org/xsa/advisory-488.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-29T03:04:47.232Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T16:04:59.813520Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T16:05:18.025Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "privilegesRequired": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD EPYC\u2122 7001 Series Processors", "versions": [{"status": "unaffected", "version": "OS update"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "versions": [{"status": "unaffected", "version": "OS Update"}], "defaultStatus": "affected"}], "datePublic": "2026-04-27T15:15:36.000Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7053.html"}], "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "descriptions": [{"lang": "en", "value": "A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.", "supportingMedia": [{"type": "text/html", "value": "A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality. <br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1420", "description": "CWE-1420 Exposure of Sensitive Information during Transient Execution"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-04-27T15:16:04.613Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54505", "state": "PUBLISHED", "dateUpdated": "2026-04-29T03:04:47.232Z", "dateReserved": "2025-07-23T15:01:50.733Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2026-04-27T15:16:04.613Z", "assignerShortName": "AMD"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality."}], "id": "CVE-2025-54505", "lastModified": "2026-04-29T04:16:38.897", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2026-04-27T16:16:28.780", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/xsa/advisory-488.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "OS update"}}], "enrichment": {"confidence": 93.0, "confidence_source": "matching", "scores": [{"score": 93.0, "source": "matching"}]}, "original": {"product": "AMD EPYC\u2122 7001 Series Processors", "source": "cna", "vendor": "AMD"}, "product": "epyc_7001_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "OS Update"}}], "enrichment": {"confidence": 94.0, "confidence_source": "matching", "scores": [{"score": 94.0, "source": "matching"}]}, "original": {"product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "source": "cna", "vendor": "AMD"}, "product": "epyc_embedded_3000_series_processors", "vendor": "amd"}], "analysis": {"en": {"generated_at": "2026-04-28T04:19:16.404683+00:00", "value": {"mitigation_remediation": ["Apply the latest microcode updates and firmware releases from AMD that address the floating point divisor unit leak for EPYC\u202f7001 and Embedded\u202f3000 series processors.", "Limit local user privileges so that only trusted administrators have the rights needed to run code at privileged levels; adopt a least\u2011privilege model for regular users.", "Keep the system BIOS/firmware and operating system up to date to enable any microarchitectural mitigation options that can reduce side\u2011channel leakage."], "summary": {"action": "Monitor", "impact": "Loss of Confidentiality"}, "threat_synthesis": {"affected_systems": "AMD EPYC\u202f7001 Series Processors and AMD EPYC\u202fEmbedded\u202f3000 Series Processors are affected. Version details are not provided in the advisory.", "description_and_impact": "This transient execution vulnerability in AMD CPUs enables a local user-privileged attacker to read data in the floating point divisor unit, potentially allowing the exfiltration of sensitive information. The flaw is a data leakage weakness identified as CWE\u20111420 and could lead to loss of confidentiality, with no reported impact on integrity or availability.", "risk_and_exploitability": "The CVSS score is 2, indicating low severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Because the attack requires local privileged execution, the likely attack vector is local, and no publicly known exploits exist, so the exploitation probability remains low."}}}}, "created": "2026-04-28T04:30:21.142111+00:00", "title": "Local Privileged Data Leak via Floating Point Divisor Unit in AMD CPUs", "updated": "2026-04-28T08:30:13.035843+00:00", "vendors": ["amd", "amd$PRODUCT$epyc_7001_series_processors", "amd$PRODUCT$epyc_embedded_3000_series_processors"]}