Observable discrepancy in AMD products - CVE-2025-54505
Published: April 20, 2026
Vulnerability identifier: #VU126567
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-54505
CWE-ID: CWE-203
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: AMD
Affected software:
AMD EPYC 7001 Processors
AMD EPYC Embedded 3000
AMD Athlon 3000 Series Processors with Radeon Graphics
AMD Ryzen 3000 Series Processors with Radeon Graphics
AMD Ryzen PRO 3000 Series Processors with Radeon Vega Graphics
AMD EPYC 7001 Processors
AMD EPYC Embedded 3000
AMD Athlon 3000 Series Processors with Radeon Graphics
AMD Ryzen 3000 Series Processors with Radeon Graphics
AMD Ryzen PRO 3000 Series Processors with Radeon Vega Graphics
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to transient execution in floating-point divisor unit when executing floating-point operations in privileged code. A local user can sample data from the floating-point divisor unit to disclose sensitive information.
The issue affects systems with SMT enabled as well as systems without SMT.
How to mitigate CVE-2025-54505
Cybersecurity Help is currently unaware of any official solution to address this vulnerability. AMD recommends users should contact their OS vendor regarding available mitigations.