CVE-2025-48517

Vulnerability Description

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.

Related Weaknesses (CWE)

CWE-1220

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

FAQ

What is CVE-2025-48517?

CVE-2025-48517 is a documented vulnerability. Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potenti...

How severe is CVE-2025-48517?

CVSS scoring is not yet available for CVE-2025-48517. Check NVD for updates.

Is there a patch for CVE-2025-48517?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.