CVE-2025-0033
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-14
Assigner: Advanced Micro Devices Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | epyc | 9005 |
| amd | epyc | 7002 |
| amd | epyc | 7001 |
| amd | sev | * |
| amd | epyc | 4004 |
| amd | epyc | 8004 |
| amd | epyc | 7003 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-0033 is a medium-severity vulnerability in AMD's Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) technology. It involves improper access control during the initialization of the Reverse Map Table (RMP), where a malicious hypervisor with administrative privileges can exploit a race condition to write to and corrupt the RMP content. This corruption can compromise the integrity of the SEV-SNP guest memory. [1]
How can this vulnerability impact me? :
This vulnerability allows a local attacker with administrative privileges on the hypervisor to corrupt the guest memory integrity of SEV-SNP protected virtual machines. While it does not affect confidentiality or availability, it can lead to loss of integrity of guest memory, potentially allowing malicious manipulation of data within the virtualized environment. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-0033, immediately update the SEV Firmware and microcode to the specified versions for your AMD EPYC processor family (e.g., Milan SEV FW 1.37.23 with microcode 0x0A0011DE, Genoa SEV FW 1.37.31 with microcode 0x0A101156, Turin SEV FW 1.37.41 with microcode 0x0B002150). Alternatively, apply the AGESA SEV Mitigation Vector Bit 1 via Platform Initialization (PI) firmware updates provided by your OEM. These BIOS/firmware updates are critical to prevent a privileged hypervisor from exploiting the race condition in SEV-SNP RMP initialization. [1]