CVE-2025-48514

Published: Feb 10, 2026

Modified: Feb 11, 2026

PUBLISHED

Description

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

Vendor	Product	Versions
AMD	AMD EPYC™ 9004 Series Processors	unaffected `Genoa++_1.0.0.H`
AMD	AMD EPYC™ 7003 Series Processors	unaffected `MilanPI 1.0.0.H`
AMD	AMD EPYC™ 9005 Series Processors	unaffected `TurinPI 1.0.0.6`
AMD	AMD EPYC™ 8004 Series Processors	unaffected `Genoa++_1.0.0.H`
AMD	AMD EPYC™ Embedded 7003 Series Processors	unaffected `EmbMilanPI-SP3 v9 1.0.0.C`
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")	unaffected `EmbGenoaPI-SP5 1.0.0.C`
AMD	AMD EPYC™ Embedded 9005 Series Processors	unaffected `EmbTurinPI-SP5_1.0.0.1`
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")	unaffected `EmbGenoaPI-SP5 1.0.0.C`
AMD	AMD EPYC™ Embedded 8004 Series Processors	unaffected `EmbGenoaPI-SP5 1.0.0.C`

Weaknesses (CWE)

CWE-1220

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-48514

Description

Affected Products

Weaknesses (CWE)

References