CVE-2025-54502
Awaiting Analysis
Awaiting Analysis - Queue
Privilege Escalation via Boot Service Misuse in AMD APCB SMM Driver
Vulnerability report for CVE-2025-54502, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-16
Last updated on: 2026-06-30
Assigner: Advanced Micro Devices Inc.
Description
Description
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | platform_configuration_blob | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-648 | The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly. |
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |