PatchSiren cyber security CVE debrief
CVE-2025-54509 AMD CVE debrief
CVE-2025-54509 is a Medium severity vulnerability (CVSS Score: 4) affecting an unknown vendor and product. The vulnerability is related to improper access control for the register interface in the input-output memory management unit (IOMMU), which could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP), potentially resulting in loss of integrity.
- Vendor
- AMD
- Product
- AMD EPYC™ 9004 Series Processors
- CVSS
- MEDIUM 4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of AMD products should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by improper access control for the register interface in the IOMMU. This could allow a privileged attacker to cause non-coherent accesses by the ASP, potentially resulting in loss of integrity.
Defensive priority
Medium
Recommended defensive actions
- Users should review the AMD security bulletin (see [ref-4]) for patched versions and apply updates as necessary.
Evidence notes
The vendor is currently listed as 'Unknown Vendor', but evidence suggests the affected product is from AMD.
Official resources
-
CVE-2025-54509 CVE record
CVE.org
-
CVE-2025-54509 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-54509 was published on 2026-06-09T18:16:32.580Z and modified on 2026-06-09T19:30:24.713Z.