CVE-2025-48514
Awaiting Analysis Awaiting Analysis - Queue

Insufficient Access Control in AMD SEV Firmware Enables Confidentiality Loss

Vulnerability report for CVE-2025-48514, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-10

Last updated on: 2026-02-10

Assigner: Advanced Micro Devices Inc.

Description

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-10
Last Modified
2026-02-10
Generated
2026-07-06
AI Q&A
2026-02-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
amd sev_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves insufficient granularity of access control in SEV firmware. It allows a privileged attacker to create a SEV-ES Guest that can attack an SNP guest, potentially leading to a loss of confidentiality.

Impact Analysis

The impact of this vulnerability is a potential loss of confidentiality. A privileged attacker could exploit it to compromise the security boundaries between SEV-ES and SNP guests, possibly accessing sensitive information.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48514. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart