HIGH SeverityCVSS 4.08.5CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
CVE-2025-61972
Last updated May 13, 2026 · Published May 13, 2026
Description
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.
Affected products
1 listed- AMD:AMD EPYC™ 8004 Series Processors; AMD:AMD EPYC™ 9004 Series Processors; AMD:AMD EPYC™ 9005 Series Processors; AMD:AMD EPYC™ Embedded 8004 Series Processors; AMD:AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa"); AMD:AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo"); AMD:AMD EPYC™ Embedded 9005 Series Processors
Mappings
CWE
CWE-1233
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms