CVE-2025-54510 - Vulnerability Details

CVE-2025-54510 - AMD Platform Security Processor: AMD EPYC 9005 Series CPUs: AMD Platform Security Processor: Information disclosure via missing lock check

A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Amd	Epyc 7003 Series Processors Epyc 8004 Series Processors Epyc 9004 Series Processors Epyc 9005 Series Processors Epyc Embedded 7003 Series Processors Epyc Embedded 8004 Series Processors Epyc Embedded 9004 Series Processors Epyc Embedded 9005 Series Processors

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Amd	Epyc 7003 Series Processors Epyc 8004 Series Processors Epyc 9004 Series Processors Epyc 9005 Series Processors Epyc Embedded 7003 Series Processors Epyc Embedded 8004 Series Processors Epyc Embedded 9004 Series Processors Epyc Embedded 9005 Series Processors

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-54510
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html
https://www.cve.org/CVERecord?id=CVE-2025-54510

History

Tue, 21 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Title		AMD Platform Security Processor: AMD EPYC 9005 Series CPUs: AMD Platform Security Processor: Information disclosure via missing lock check
References		https://nvd.nist.gov/vuln/detail/CVE-2025-54510 https://www.cve.org/CVERecord?id=CVE-2025-54510
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}` threat_severity `Moderate`

Mon, 20 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd epyc 7003 Series Processors Amd epyc 8004 Series Processors Amd epyc 9004 Series Processors Amd epyc 9005 Series Processors Amd epyc Embedded 7003 Series Processors Amd epyc Embedded 8004 Series Processors Amd epyc Embedded 9004 Series Processors Amd epyc Embedded 9005 Series Processors
Vendors & Products		Amd Amd epyc 7003 Series Processors Amd epyc 8004 Series Processors Amd epyc 9004 Series Processors Amd epyc 9005 Series Processors Amd epyc Embedded 7003 Series Processors Amd epyc Embedded 8004 Series Processors Amd epyc Embedded 9004 Series Processors Amd epyc Embedded 9005 Series Processors

Thu, 16 Apr 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description	Missing lock check in AMD Platform Security Processor in AMD EPYC™ 9005 Series CPUs allows a privileged attacker to potentially impact guest confidentiality via local access.	A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.

Thu, 16 Apr 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 16 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		Missing lock check in AMD Platform Security Processor in AMD EPYC™ 9005 Series CPUs allows a privileged attacker to potentially impact guest confidentiality via local access.
Weaknesses		CWE-414
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html
Metrics		cvssV4_0 `{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-04-16T18:44:10.182Z

Updated: 2026-04-16T19:10:19.002Z

Reserved: 2025-07-23T15:01:50.734Z

Link: CVE-2025-54510

Vulnrichment

Updated: 2026-04-16T18:56:33.115Z

NVD

Status : Awaiting Analysis

Published: 2026-04-16T19:16:32.897

Modified: 2026-04-17T15:14:05.510

Link: CVE-2025-54510

Redhat

Severity : Moderate

Publid Date: 2026-04-16T18:44:10Z

Links: CVE-2025-54510 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T15:05:26Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object