Vulnerability in Amd Epyc™ 7003 Series Processors

CVE-2025-54510

A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integri…

EPSS: 0.000 (4.3th percentile) — read the EPSS interpretation.

Affected products

Amd Epyc™ 7003 Series Processors — versions MilanPI-SP3_1.0.0.J
Amd Epyc™ 8004 Series Processors — versions GenoaPI_1.0.0.H
Amd Epyc™ 9004 Series Processors — versions GenoaPI_1.0.0.H
Amd Epyc™ 9005 Series Processors — versions TurinPI_1.0.0.8
Amd Epyc™ Embedded 7003 Series Processors — versions EmbMilanPI-SP3 1.0.0.D
Amd Epyc™ Embedded 8004 Series Processors — versions EmbGenoaPI-SP5 1.0.0.D
Amd Epyc™ Embedded 9004 Series Processors — versions EmbGenoaPI-SP5 1.0.0.D
Amd Epyc™ Embedded 9004 Series Processors — versions EmbGenoaPI-SP5 1.0.0.D
Amd Epyc™ Embedded 9005 Series Processors — versions EmbeddedTurinPI_SP5_1004

Weakness classification (CWE)

CWE-414

References

www.amd.com/en/resources/product-security/bulletin/AMD-SB-3034.html