ByteOS Network

CVE Vulnerability Details :

CVE-2025-48514

PUBLISHED

More Info Official Page

Assigner-AMD

Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648

Published At-10 Feb, 2026 | 19:14

Updated At-11 Feb, 2026 | 14:54

▼CVE Numbering Authority (CNA)

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

Affected Products

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 9004 Series Processors

Default Status

affected

Versions

Unaffected

Genoa++_1.0.0.H

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 7003 Series Processors

Default Status

affected

Versions

Unaffected

MilanPI 1.0.0.H

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 9005 Series Processors

Default Status

affected

Versions

Unaffected

TurinPI 1.0.0.6

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ 8004 Series Processors

Default Status

affected

Versions

Unaffected

Genoa++_1.0.0.H

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ Embedded 7003 Series Processors

Default Status

affected

Versions

Unaffected

EmbMilanPI-SP3 v9 1.0.0.C

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")

Default Status

affected

Versions

Unaffected

EmbGenoaPI-SP5 1.0.0.C

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ Embedded 9005 Series Processors

Default Status

affected

Versions

Unaffected

EmbTurinPI-SP5_1.0.0.1

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")

Default Status

affected

Versions

Unaffected

EmbGenoaPI-SP5 1.0.0.C

Vendor

Advanced Micro Devices, Inc.

Product

AMD EPYC™ Embedded 8004 Series Processors

Default Status

affected

Versions

Unaffected

EmbGenoaPI-SP5 1.0.0.C

Problem Types

Type	CWE ID	Description
CWE	CWE-1220	CWE-1220 Insufficient Granularity of Access Control

Type: CWE

CWE ID: CWE-1220

Description: CWE-1220 Insufficient Granularity of Access Control

Metrics

Version	Base score	Base severity	Vector
4.0	4.0	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Version: 4.0

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

References

Hyperlink	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References