What is CVE-2025-0032?

CVE-2025-0032 is a high-severity vulnerability in Amd Epyc™ 9005 Series Processors, classified under Incomplete Cleanup. CVSS score: 7.2/10. Published 2025-09-06.

How severe is CVE-2025-0032?

High severity. CVSS v3 base score is 7.2 out of 10.

Is CVE-2025-0032 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Amd Epyc™ 9005 Series Processors

CVE-2025-0032

Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.

EPSS: 0.000 (4.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N.

Affected products

Amd Epyc™ 9005 Series Processors — versions TurinPI 1.0.0.4
Amd Epyc™ Embedded 9000 Series Processors — versions Embturin PI 1.0.0.0
Amd Ryzen™ 9000hx Series Processors — versions FireRangeFL1PI 1.0.0.0a
Amd Ryzen™ 9000 Series Desktop Processors — versions ComboAM5PI 1.2.0.3c
Amd Ryzen™ Ai 300 Series Processors — versions StrixKrackanPI-FP8_1.1.0.1b
Amd Ryzen™ Al Max+ — versions StrixHaloPI-FP11_1.0.0.1
Amd Ryzen™ Threadripper™ 9000 Series — versions ShimadaPeakPI-SP6 1.0.0.1

Weakness classification (CWE)

CWE-459 — Incomplete Cleanup

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

Frequently asked questions

What is CVE-2025-0032?: CVE-2025-0032 is a high-severity vulnerability in Amd Epyc™ 9005 Series Processors, classified under Incomplete Cleanup. CVSS score: 7.2/10. Published 2025-09-06.
How severe is CVE-2025-0032?: High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2025-0032 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.