{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0032", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2024-11-21T16:17:57.821Z", "datePublished": "2025-09-06T18:34:33.606Z", "dateUpdated": "2025-09-09T03:55:25.811Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-06T18:34:33.606Z"}, "affected": [{"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 9005 Series Processors", "versions": [{"version": "TurinPI 1.0.0.4", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 AI 300 Series Processors", "versions": [{"version": "StrixKrackanPI-FP8_1.1.0.1b", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 9000 Series Desktop Processors", "versions": [{"version": "ComboAM5PI 1.2.0.3c", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 9000HX Series Processors", "versions": [{"version": "FireRangeFL1PI 1.0.0.0a", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Al Max+", "versions": [{"version": "StrixHaloPI-FP11_1.0.0.1", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 9000 series", "versions": [{"version": "ShimadaPeakPI-SP6 1.0.0.1", "status": "unaffected"}]}, {"defaultStatus": "affected", "vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9000 Series Processors", "versions": [{"version": "Embturin PI 1.0.0.0", "status": "unaffected"}]}], "datePublic": "2025-09-06T18:13:50.803Z", "descriptions": [{"lang": "en", "value": "Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.<br>"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-0032"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-09T03:55:25.811Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-08T19:55:46.014879Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T19:55:52.495Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD EPYC\u2122 9005 Series Processors", "versions": [{"status": "unaffected", "version": "TurinPI 1.0.0.4"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 AI 300 Series Processors", "versions": [{"status": "unaffected", "version": "StrixKrackanPI-FP8_1.1.0.1b"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 9000 Series Desktop Processors", "versions": [{"status": "unaffected", "version": "ComboAM5PI 1.2.0.3c"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 9000HX Series Processors", "versions": [{"status": "unaffected", "version": "FireRangeFL1PI 1.0.0.0a"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Al Max+", "versions": [{"status": "unaffected", "version": "StrixHaloPI-FP11_1.0.0.1"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 9000 series", "versions": [{"status": "unaffected", "version": "ShimadaPeakPI-SP6 1.0.0.1"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD EPYC\u2122 Embedded 9000 Series Processors", "versions": [{"status": "unaffected", "version": "Embturin PI 1.0.0.0"}], "defaultStatus": "affected"}], "datePublic": "2025-09-06T18:13:50.803Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html"}], "x_generator": {"engine": "AMD PSIRT Automation 1.0"}, "descriptions": [{"lang": "en", "value": "Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.", "supportingMedia": [{"type": "text/html", "value": "Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2025-09-06T18:34:33.606Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0032", "state": "PUBLISHED", "dateUpdated": "2025-09-08T19:55:55.664Z", "dateReserved": "2024-11-21T16:17:57.821Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2025-09-06T18:34:33.606Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution."}], "id": "CVE-2025-0032", "lastModified": "2025-09-08T16:25:38.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.8, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2025-09-06T19:15:38.217", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html"}, {"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html"}, {"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "psirt@amd.com", "type": "Secondary"}]}

{}

{"created": "2025-09-08T15:17:32.754377+00:00", "updated": "2025-09-08T15:17:32.754445+00:00", "vendors": ["amd", "amd$PRODUCT$epyc", "amd$PRODUCT$epyc_9000", "amd$PRODUCT$epyc_9005", "amd$PRODUCT$ryzen_9000", "amd$PRODUCT$ryzen_9000hx", "amd$PRODUCT$ryzen_ai_300", "amd$PRODUCT$ryzen_al_max+", "amd$PRODUCT$ryzen_threadripper_9000"]}