CVE-2025-61972 - Vulnerability Details

- NBIO Register Lock Bit Exposure Grants Local Administrator Arbitrary SMN Access

Description

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.

Published: 2026-05-13

Score: 8.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A missing lock bit protection for NBIO registers allows a local administrator with privileged access to manipulate those registers. This permits the attacker to obtain System Management Network (SMN) access, which can be used to execute arbitrary code inside the AMD Secure Processor (ASP). The resulting compromise would lead to loss of confidentiality and integrity for SEV‑SNP guests. The vulnerability is classified as CWE‑1233, indicating a failure to enforce proper lock bit constraints on critical registers.

Affected Systems

AMD’s EPYC 8004, 9004, 9005 processor families—including the Embedded 8004, Embedded 9004 (formerly Genoa), Embedded 9004 (formerly Bergamo) and Embedded 9005—are impacted by this flaw.

Risk and Exploitability

The CVSS score of 8.5 reflects a high severity risk. EPSS data is currently unavailable, so the likelihood of exploitation remains indeterminate, though the vulnerability requires local admin privilege to exploit. The flaw is not listed in the CISA KEV catalog, indicating no confirmed incident reports yet. An attacker with local admin rights on an affected system could directly gain SMN access and achieve arbitrary code execution within the secure processor, making the risk significant for environments that rely on SEV‑SNP protection.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

AMD EPYC™ 9004 Series Processors

affected

Version	Status	Constraints
`GenoaPI_1.0.0.H`	unaffected	—

AMD

AMD EPYC™ 9005 Series Processors

affected

Version	Status	Constraints
`TurinPI_1.0.0.8`	unaffected	—

AMD

AMD EPYC™ 8004 Series Processors

affected

Version	Status	Constraints
`GenoaPI_1.0.0.H`	unaffected	—

AMD

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")

affected

Version	Status	Constraints
`EmbGenoaPI-SP5 1.0.0.D`	unaffected	—

AMD

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")

affected

Version	Status	Constraints
`EmbGenoaPI-SP5 1.0.0.D`	unaffected	—

AMD

AMD EPYC™ Embedded 8004 Series Processors

affected

Version	Status	Constraints
`EmbGenoaPI-SP5 1.0.0.D`	unaffected	—

AMD

AMD EPYC™ Embedded 9005 Series Processors

affected

Version	Status	Constraints
`EmbeddedTurinPI_SP5_1004`	unaffected	—

No data.

Vendor Product Confidence Versions

Amd

Epyc 8004 Series Processors

93%

Version	Status	Scheme	Platform
`GenoaPI_1.0.0.H`	unaffected	generic	—

Amd

Epyc 9004 Series Processors

93%

Version	Status	Scheme	Platform
`GenoaPI_1.0.0.H`	unaffected	generic	—

Amd

Epyc 9005 Series Processors

93%

Version	Status	Scheme	Platform
`TurinPI_1.0.0.8`	unaffected	generic	—

Amd

Epyc Embedded 8004 Series Processors

94%

Version	Status	Scheme	Platform
`EmbGenoaPI-SP5 1.0.0.D`	unaffected	generic	—

Amd

Epyc Embedded 9004 Series Processors

100%

Version	Status	Scheme	Platform
`EmbGenoaPI-SP5 1.0.0.D`	unaffected	generic	—

Amd

Epyc Embedded 9005 Series Processors

94%

Version	Status	Scheme	Platform
`EmbeddedTurinPI_SP5_1004`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the firmware or BIOS update released by AMD that addresses the NBIO register lock bit issue as described in AMD Security Bulletin AMD‑SB‑3030
Disable or restrict the System Management Network interface on affected processors until a patch is applied
Monitor system logs for unauthorized SMN activity and audit NBIO register access to detect potential exploitation attempts

Generated by OpenCVE AI on May 13, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

History

Wed, 13 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 13 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd epyc 8004 Series Processors Amd epyc 9004 Series Processors Amd epyc 9005 Series Processors Amd epyc Embedded 8004 Series Processors Amd epyc Embedded 9004 Series Processors Amd epyc Embedded 9005 Series Processors
Vendors & Products		Amd Amd epyc 8004 Series Processors Amd epyc 9004 Series Processors Amd epyc 9005 Series Processors Amd epyc Embedded 8004 Series Processors Amd epyc Embedded 9004 Series Processors Amd epyc Embedded 9005 Series Processors

Wed, 13 May 2026 05:15:00 +0000

Type	Values Removed	Values Added
Title		NBIO Register Lock Bit Exposure Grants Local Administrator Arbitrary SMN Access

Wed, 13 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.
Weaknesses		CWE-1233
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html
Metrics		cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}`

Subscriptions

Amd Epyc 8004 Series Processors Epyc 9004 Series Processors Epyc 9005 Series Processors Epyc Embedded 8004 Series Processors Epyc Embedded 9004 Series Processors Epyc Embedded 9005 Series Processors

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-05-13T03:03:31.455Z

Updated: 2026-05-14T03:56:03.690Z

Reserved: 2025-10-04T18:09:57.018Z

Link: CVE-2025-61972

Vulnrichment

Updated: 2026-05-13T14:37:04.138Z

NVD

Status : Awaiting Analysis

Published: 2026-05-13T04:17:34.867

Modified: 2026-05-13T14:49:11.830

Link: CVE-2025-61972

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T10:34:58Z

Weaknesses

CWE-1233

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object