Race condition in AMD products - CVE-2025-0033
Published: October 14, 2025
Vulnerability identifier: #VU116976
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-0033
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: AMD
Affected software:
AMD EPYC Embedded 7003
AMD EPYC Embedded 9005
AMD EPYC 7003
AMD EPYC 8004
AMD EPYC 9004
AMD EPYC 9005
AMD EPYC Embedded 8004
AMD EPYC Embedded 9004
AMD EPYC Embedded 7003
AMD EPYC Embedded 9005
AMD EPYC 7003
AMD EPYC 8004
AMD EPYC 9004
AMD EPYC 9005
AMD EPYC Embedded 8004
AMD EPYC Embedded 9004
Detailed vulnerability description
The vulnerability allows a malicious hypervisor to escalate privileges on the system.
The vulnerability exists due to a race condition that can occur while the AMD Secure Processor (ASP) is initializing the RMP. A malicious hypervisor can corrupt the Reverse Map Table (RMP) during Secure Nested Paging (SNP) initialization resulting in loss of SEV-SNP guest memory integrity.
How to mitigate CVE-2025-0033
Install updates from vendor's website.