CVE-2025-48517
Awaiting Analysis Awaiting Analysis - Queue

Access Control Bypass in AMD SEV Firmware Risks Confidentiality

Vulnerability report for CVE-2025-48517, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-10

Last updated on: 2026-02-10

Assigner: Advanced Micro Devices Inc.

Description

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-10
Last Modified
2026-02-10
Generated
2026-07-06
AI Q&A
2026-02-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
amd sev_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves insufficient granularity of access control in SEV firmware. It allows a privileged user who controls a malicious hypervisor to create a SEV-ES guest with an ASID (Address Space Identifier) that falls within the range intended for SEV-SNP guests. This misassignment can potentially lead to a partial loss of confidentiality.

Impact Analysis

The impact of this vulnerability is a potential partial loss of confidentiality. A malicious hypervisor with privileged access could exploit this flaw to gain unauthorized access to sensitive information within SEV-ES guests by misusing ASIDs intended for SEV-SNP guests.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48517. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart