CVE-2025-54509 - Vulnerability Details - OpenCVE

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html

History

Tue, 09 Jun 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.
Weaknesses		CWE-1262
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html
Metrics		cvssV4_0 `{'score': 4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-06-09T17:22:26.026Z

Updated: 2026-06-09T18:57:03.527Z

Reserved: 2025-07-23T15:01:50.734Z

Link: CVE-2025-54509

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-09T18:16:32.580

Modified: 2026-06-09T19:30:24.713

Link: CVE-2025-54509

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54509", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2025-07-23T15:01:50.734Z", "datePublished": "2026-06-09T17:22:26.026Z", "dateUpdated": "2026-06-09T18:57:03.527Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-06-09T17:22:26.026Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 9004 Series Processors", "versions": [{"version": "GenoaPI_1.0.0.H", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 9005 Series Processors", "versions": [{"version": "TurinPI_1.0.0.8", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 8004 Series Processors", "versions": [{"version": "GenoaPI_1.0.0.H", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors (formerly codenamed \"Genoa\")", "versions": [{"version": "EmbGenoaPI-SP5 1.0.0.D", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors (formerly codenamed \"Bergamo\")", "versions": [{"version": "EmbGenoaPI-SP5 1.0.0.D", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 8004 Series Processors", "versions": [{"version": "EmbGenoaPI-SP5 1.0.0.D", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9005 Series Processors", "versions": [{"version": "EmbeddedTurinPI_SP5_1004", "status": "unaffected"}]}], "datePublic": "2026-06-09T17:22:07.835Z", "descriptions": [{"lang": "en", "value": "Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.<br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1262", "description": "CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T18:56:45.465105Z", "id": "CVE-2025-54509", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T18:57:03.527Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity."}], "id": "CVE-2025-54509", "lastModified": "2026-06-09T19:30:24.713", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-06-09T18:16:32.580", "references": [{"source": "[email protected]", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1262"}], "source": "[email protected]", "type": "Secondary"}]}