CVE-2025-61972
Possible ATT&CK Techniques 2AI
T1542.002 · Component Firmware T1068 · Exploitation for Privilege EscalationAffected Version Matrix 7
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 8004 Series Processors | GenoaPI_1.0.0.H | unaffected |
| AMD | AMD EPYC™ 9004 Series Processors | GenoaPI_1.0.0.H | unaffected |
| AMD | AMD EPYC™ 9005 Series Processors | TurinPI_1.0.0.8 | unaffected |
| AMD | AMD EPYC™ Embedded 8004 Series Processors | EmbGenoaPI-SP5 1.0.0.D | unaffected |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa") | EmbGenoaPI-SP5 1.0.0.D | unaffected |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo") | EmbGenoaPI-SP5 1.0.0.D | unaffected |
| AMD | AMD EPYC™ Embedded 9005 Series Processors | EmbeddedTurinPI_SP5_1004 | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-61972
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1233
Source: NVD (National Vulnerability Database)
Vulnerability Title
AMD多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AMD EPYC是美国超威半导体(AMD)公司的一款高性能服务器处理器。 AMD多款产品存在安全漏洞,该漏洞源于可能导致本地管理员权限攻击者获得任意系统管理网络访问,可能导致AMD安全处理器中执行任意代码以及SEV-SNP客户机密性和完整性丢失。以下产品受到影响:AMD EPYC 8004、AMD EPYC Embedded 9004和AMD EPYC Embedded 9005。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Series Processors | GenoaPI_1.0.0.H | - | |
| AMD | AMD EPYC™ 9005 Series Processors | TurinPI_1.0.0.8 | - | |
| AMD | AMD EPYC™ 8004 Series Processors | GenoaPI_1.0.0.H | - | |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa") | EmbGenoaPI-SP5 1.0.0.D | - | |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo") | EmbGenoaPI-SP5 1.0.0.D | - | |
| AMD | AMD EPYC™ Embedded 8004 Series Processors | EmbGenoaPI-SP5 1.0.0.D | - | |
| AMD | AMD EPYC™ Embedded 9005 Series Processors | EmbeddedTurinPI_SP5_1004 | - |
II. Public POCs for CVE-2025-61972
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-61972
请登录查看更多情报信息。
Same Patch Batch · AMD · 2026-05-13 · 6 CVEs total
| CVE-2024-36315 | AMD多款产品 安全漏洞 | |
| CVE-2025-61971 | AMD多款产品 安全漏洞 | |
| CVE-2025-62627 | VMware ESXi 安全漏洞 | |
| CVE-2025-62624 | VMware ESXi 安全漏洞 | |
| CVE-2025-62623 | VMware ESXi 缓冲区错误漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2025-61972
No comments yet