PatchSiren cyber security CVE debrief
CVE-2025-54502 AMD CVE debrief
CVE-2025-54502 is a HIGH-severity vulnerability in the AMD Platform Configuration Blob (APCB) SMM driver. A privileged attacker with local access (Ring 0) could exploit this vulnerability to achieve privilege escalation, potentially leading to arbitrary code execution. The vulnerability has a CVSS score of 7.1. The CVE was published on 2026-04-16 and last modified on 2026-06-30. AMD has released a security bulletin (AMD-SB-7054) addressing this issue. Red Hat has also provided information on this vulnerability through its security portal and a bug report in Bugzilla.
- Vendor: AMD
- Product: AMD EPYC™ 9004 Series Processors
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-16
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-16
- Advisory updated: 2026-06-30
Who should care
Organizations using AMD-based systems should prioritize patching this vulnerability. System administrators and security teams responsible for maintaining systems with AMD processors are advised to review the AMD security bulletin and apply necessary updates. Additionally, Red Hat users can find relevant information and potential patches through their security portals and Bugzilla reports.
Technical summary
The vulnerability is caused by incorrect use of a boot service in the AMD Platform Configuration Blob (APCB) SMM driver. This could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation. The vulnerability's CVSS vector is CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. CWE-668 and CWE-648 are associated with this vulnerability.
Defensive priority
High priority should be given to patching this vulnerability due to its potential for privilege escalation and arbitrary code execution. System administrators should review the AMD security bulletin (AMD-SB-7054) and apply necessary updates.
Recommended defensive actions
- Review and apply the AMD security bulletin (AMD-SB-7054) updates.
- Check Red Hat security portals and Bugzilla reports for relevant information and potential patches.
- Inventory systems with AMD processors to ensure they are patched.
- Monitor system logs for potential exploitation attempts.
- Implement compensating controls to detect and prevent local privilege escalation attacks.
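One way to carry out the inventory step on Linux hosts, as an added example that is not from AMD, Red Hat or the original page: it flags hosts whose CPU matches the product named above and records the BIOS version to compare with AMD-SB-7054. The function names and the "AMD EPYC 9xx4" model-name pattern are assumptions, and the fixed firmware version is not given on this page, so it must come from the bulletin.

```shell
#!/bin/sh
# Added example (not vendor code): inventory helper for CVE-2025-54502 triage.
# ASSUMPTION: EPYC 9004 parts report "AMD EPYC 9xx4[suffix]" as the cpuinfo
# model name. AMD-SB-7054 is the authoritative list of affected products.

# is_epyc_9004 FILE: succeed if FILE (cpuinfo format) names an EPYC 9004 part.
is_epyc_9004() {
    grep '^model name' "$1" | grep -Eq 'AMD EPYC 9[0-9][0-9]4[A-Z]*( |$)'
}

# read_dmi DIR FIELD: print a DMI attribute, or "unknown" if it is unreadable.
read_dmi() {
    if [ -r "$1/$2" ]; then
        head -n 1 "$1/$2"
    else
        echo unknown
    fi
}

# inventory_line CPUINFO DMI_DIR: print one pipe-separated record for a host:
# status|cpu model|bios vendor|bios version|bios date
inventory_line() {
    cpuinfo=$1
    dmi=$2
    model=$(grep -m 1 '^model name' "$cpuinfo" | sed 's/^[^:]*:[[:space:]]*//')
    if is_epyc_9004 "$cpuinfo"; then
        status=REVIEW        # in scope: compare BIOS version with the bulletin
    else
        status=OUT_OF_SCOPE  # CPU is not the product named on this page
    fi
    printf '%s|%s|%s|%s|%s\n' "$status" "${model:-unknown}" \
        "$(read_dmi "$dmi" bios_vendor)" \
        "$(read_dmi "$dmi" bios_version)" \
        "$(read_dmi "$dmi" bios_date)"
}

# Report on the local host when the Linux interfaces are present.
if [ -r /proc/cpuinfo ]; then
    inventory_line /proc/cpuinfo /sys/class/dmi/id
fi
```

A REVIEW record only means the host is in scope; whether it is patched depends on comparing the reported BIOS version with the fixed release listed in the bulletin or by the system vendor.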
Evidence notes
The CVE record and NVD detail provide official information on this vulnerability. AMD's security bulletin (AMD-SB-7054) and Red Hat's security portal and Bugzilla reports offer additional context and mitigation strategies. The CVSS score and vector provide a standardized measure of the vulnerability's severity.
Official resources
- CVE-2025-54502 CVE record (CVE.org)
- CVE-2025-54502 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (0b0ca135-0b70-47e7-9f44-1890c2a1c46c)
This article is AI-assisted and based on the supplied source corpus.