{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54510", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2025-07-23T15:01:50.734Z", "datePublished": "2026-04-16T18:44:10.182Z", "dateUpdated": "2026-05-13T03:14:06.848Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-05-13T03:14:06.848Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 9004 Series Processors", "versions": [{"version": "GenoaPI_1.0.0.H", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 7003 Series Processors", "versions": [{"version": "MilanPI-SP3_1.0.0.J", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 9005 Series Processors", "versions": [{"version": "TurinPI_1.0.0.8", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 8004 Series Processors", "versions": [{"version": "GenoaPI_1.0.0.H", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "versions": [{"version": "EmbMilanPI-SP3 1.0.0.D", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors", "versions": [{"version": "EmbGenoaPI-SP5 1.0.0.D", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors", "versions": [{"version": "EmbGenoaPI-SP5 1.0.0.D", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 8004 Series Processors", "versions": [{"version": "EmbGenoaPI-SP5 1.0.0.D", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9005 Series Processors", "versions": [{"version": "EmbeddedTurinPI_SP5_1004", "status": "unaffected"}]}], "datePublic": "2026-05-13T03:13:40.572Z", "descriptions": [{"lang": "en", "value": "A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.<br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-414", "description": "CWE-414 Missing Lock Check", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T18:56:03.988813Z", "id": "CVE-2025-54510", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T18:56:45.675Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54510", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T18:56:03.988813Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T18:56:33.115Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "privilegesRequired": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD EPYC\u2122 9004 Series Processors", "versions": [{"status": "unaffected", "version": "GenoaPI_1.0.0.H"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 7003 Series Processors", "versions": [{"status": "unaffected", "version": "MilanPI-SP3_1.0.0.J"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 9005 Series Processors", "versions": [{"status": "unaffected", "version": "TurinPI_1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 8004 Series Processors", "versions": [{"status": "unaffected", "version": "GenoaPI_1.0.0.H"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "versions": [{"status": "unaffected", "version": "EmbMilanPI-SP3 1.0.0.D"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors", "versions": [{"status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.D"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors", "versions": [{"status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.D"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 8004 Series Processors", "versions": [{"status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.D"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9005 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedTurinPI_SP5_1004"}], "defaultStatus": "affected"}], "datePublic": "2026-05-13T03:13:40.572Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html"}], "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "descriptions": [{"lang": "en", "value": "A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.", "supportingMedia": [{"type": "text/html", "value": "A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-414", "description": "CWE-414 Missing Lock Check"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-05-13T03:14:06.848Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54510", "state": "PUBLISHED", "dateUpdated": "2026-05-13T03:14:06.848Z", "dateReserved": "2025-07-23T15:01:50.734Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2026-04-16T18:44:10.182Z", "assignerShortName": "AMD"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity."}], "id": "CVE-2025-54510", "lastModified": "2026-04-17T15:14:05.510", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2026-04-16T19:16:32.897", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-414"}], "source": "psirt@amd.com", "type": "Secondary"}]}

{"bugzilla": {"description": "AMD Platform Security Processor: AMD EPYC 9005 Series CPUs: AMD Platform Security Processor: Information disclosure via missing lock check", "id": "2459015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459015"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-414", "details": ["A flaw was found in the AMD Platform Security Processor in AMD EPYC\u2122 9005 Series CPUs. A missing lock check allows a privileged attacker with local access to potentially impact the confidentiality of guest data. This vulnerability could lead to unauthorized disclosure of sensitive information within the guest environment."], "name": "CVE-2025-54510", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-16T18:44:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-54510\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-54510\nhttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "MilanPI-SP3_1.0.0.J"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_7003_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "GenoaPI_1.0.0.H"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_8004_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "GenoaPI_1.0.0.H"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_9004_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "TurinPI_1.0.0.8"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_9005_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "EmbMilanPI-SP3 1.0.0.D"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_embedded_7003_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "EmbGenoaPI-SP5 1.0.0.D"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_embedded_8004_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "EmbGenoaPI-SP5 1.0.0.D"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_embedded_9004_series_processors", "vendor": "amd"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "EmbeddedTurinPI_SP5_1004"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "epyc_embedded_9005_series_processors", "vendor": "amd"}], "analysis": {"en": {"generated_at": "2026-04-17T02:28:24.481351+00:00", "value": {"mitigation_remediation": ["Apply the latest AMD Secure Processor firmware update as outlined in AMD Bulletin AMD\u2011SB\u20113034.", "Restrict local administrative privileges by implementing role\u2011based access controls so that only trusted personnel can modify firmware settings.", "Enable and monitor system logs for unauthorized MMIO configuration changes to detect potential exploitation."], "summary": {"action": "Update Firmware", "impact": "Alteration of MMIO routing leading to guest system integrity compromise"}, "threat_synthesis": {"affected_systems": "AMD EPYC\u00a07003 Series Processors, AMD EPYC\u00a08004 Series Processors, AMD EPYC\u00a09004 Series Processors, AMD EPYC\u00a09005 Series Processors, AMD EPYC Embedded\u00a07003 Series Processors, AMD EPYC Embedded\u00a08004 Series Processors, AMD EPYC Embedded\u00a09004\u00a0Series Processors, AMD EPYC Embedded\u00a09005 Series Processors.", "description_and_impact": "A missing lock verification in the AMD Secure Processor firmware can allow a locally authenticated attacker with administrative privileges to change MMIO routing on selected Zen\u00a05 products. This flaw, classified as CWE\u2011414, compromises the ability of a guest system to maintain isolation and integrity. The attacker could re\u2011route memory\u2011mapped I/O to unauthorized devices, potentially enabling privilege escalation within the virtualized environment.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 5.9, indicating moderate severity. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog, suggesting limited public exploitation at this time. Attacks would require local administrative access to the host, making it less likely to be a widespread threat but still significant for environments where privileged users have unchecked firmware control."}}}}, "created": "2026-04-17T02:30:07.318657+00:00", "updated": "2026-04-20T15:05:26.115238+00:00", "vendors": ["amd", "amd$PRODUCT$epyc_7003_series_processors", "amd$PRODUCT$epyc_8004_series_processors", "amd$PRODUCT$epyc_9004_series_processors", "amd$PRODUCT$epyc_9005_series_processors", "amd$PRODUCT$epyc_embedded_7003_series_processors", "amd$PRODUCT$epyc_embedded_8004_series_processors", "amd$PRODUCT$epyc_embedded_9004_series_processors", "amd$PRODUCT$epyc_embedded_9005_series_processors"]}