CVE-2025-48514

Vulnerability Description

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

Related Weaknesses (CWE)

CWE-1220

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

FAQ

What is CVE-2025-48514?

CVE-2025-48514 is a documented vulnerability. Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

How severe is CVE-2025-48514?

CVSS scoring is not yet available for CVE-2025-48514. Check NVD for updates.

Is there a patch for CVE-2025-48514?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.