CVE-2025-54509 | Improper access control for register interface in the input-… | CVSS 4.0 MEDIUM

Description

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

Metadata

CVE ID: CVE-2025-54509
State: PUBLISHED
Assigner: AMD
Reserved: 2025-07-23 15:01 UTC
Published: 2026-06-09 17:22 UTC
Last updated: 2026-06-09 18:57 UTC
Primary CWE: CWE-1262
CWE-1262 Register Interface Allows Software Access to Sensi…
Vendor / Product: AMD / AMD EPYC™ 9004 Series Processors
Sources: cve.org · NVD

Severity & Metrics

4.0 MEDIUM CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (7)

Vendor	Product	Platform	Versions
AMD	AMD EPYC™ 8004 Series Processors	—	GenoaPI_1.0.0.H
AMD	AMD EPYC™ 9004 Series Processors	—	GenoaPI_1.0.0.H
AMD	AMD EPYC™ 9005 Series Processors	—	TurinPI_1.0.0.8
AMD	AMD EPYC™ Embedded 8004 Series Processors	—	EmbGenoaPI-SP5 1.0.0.D
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")	—	EmbGenoaPI-SP5 1.0.0.D
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")	—	EmbGenoaPI-SP5 1.0.0.D
AMD	AMD EPYC™ Embedded 9005 Series Processors	—	EmbeddedTurinPI_SP5_1004

Weakness (CWE)

CWE	Source	Description
CWE-1262	cna	CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.0	MEDIUM	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

References (1)

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html