CVE-2025-54509
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Advanced Micro Devices Inc.

Description
Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-09
EPSS Evaluated
N/A
NVD
CVE-2025-54509
EUVD
EUVD-2025-210086
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amd secure_processor From 5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1262 The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-54509 is an improper access control vulnerability in the register interface of the input-output memory management unit (IOMMU) within AMD Secure Processor (ASP).

This flaw allows a privileged attacker, such as a malicious or compromised hypervisor, to cause non-coherent memory accesses by the ASP. Non-coherent accesses mean the ASP might read stale or outdated data from DRAM, losing recent updates made by the guest system.

This undermines the integrity guarantees of AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP), potentially leading to loss of data integrity.

Exploitation requires precise timing due to a race condition and affects 4th and 5th generation EPYC platforms.

Impact Analysis

This vulnerability can impact you by allowing a privileged attacker to cause the AMD Secure Processor to read stale data, which means recent updates to memory may be lost.

Such loss of data integrity can undermine the security of virtualized environments using AMD SEV-SNP technology, potentially leading to incorrect or outdated information being processed.

If you rely on affected AMD EPYC platforms and use virtualization technologies that depend on the ASP for memory protection, this vulnerability could compromise the trustworthiness of your system's memory operations.

Mitigation Strategies

To mitigate CVE-2025-54509, you should apply the updated Platform Initialization (PI) versions provided by AMD for affected products.

Additionally, install the specific BIOS updates available from your OEM that address this vulnerability on 4th and 5th generation EPYC platforms.

These mitigations prevent exploitation of the improper access control in the IOMMU register interface that could lead to loss of integrity in the AMD Secure Processor.

Compliance Impact

The vulnerability involves improper access control in the AMD Secure Processor's IOMMU register interface, potentially causing loss of integrity due to non-coherent memory accesses. This loss of integrity could undermine the security guarantees of AMD Secure Encrypted Virtualization, which may impact the protection of sensitive data.

However, there is no specific information provided about how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54509. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart