CVE-2025-48509

Published: Feb 10, 2026

Modified: Feb 11, 2026

PUBLISHED

Description

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity

Vendor	Product	Versions
AMD	AMD EPYC™ 9004 Series Processors	unaffected `GenoaPI 1.0.0.F`
AMD	AMD EPYC™ 7003 Series Processors	unaffected `MilanPI 1.0.0.H`
AMD	AMD EPYC™ 9005 Series Processors	unaffected `TurinPI 1.0.0.5`
AMD	AMD EPYC™ 8004 Series Processors	unaffected `GenoaPI 1.0.0.F`
AMD	AMD EPYC™ Embedded 7003 Series Processors	unaffected `EmbMilanPI-SP3 v9 1.0.0.C`
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")	unaffected `EmbGenoaPI-SP5 1.0.0.B`
AMD	AMD EPYC™ Embedded 9005 Series Processors	unaffected `EmbTurinPI-SP5_1.0.0.1`
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")	unaffected `EmbGenoaPI-SP5 1.0.0.B`
AMD	AMD EPYC™ Embedded 8004 Series Processors	unaffected `EmbGenoaPI-SP5 1.0.0.B`

Weaknesses (CWE)

CWE-665

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-48509

Description

Affected Products

Weaknesses (CWE)

References