Skip to main content

AMD Secure Processor CVE-2025-54511

| EUVDEUVD-2025-209878 MEDIUM
Improper Handling of Insufficient Privileges (CWE-274)
2026-05-15 AMD GHSA-w6gm-fvfm-9m36
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 03:33 vuln.today
CVSS changed
May 15, 2026 - 03:22 NVD
5.3 (MEDIUM)
CVE Published
May 15, 2026 - 02:45 nvd
MEDIUM 5.3

DescriptionCVE.org

Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.

AnalysisAI

Improper privilege validation in AMD Secure Processor (ASP) allows authenticated local attackers to write data to restricted memory regions, compromising data integrity and potentially affecting system availability. The vulnerability affects AMD MI-25, MI250, MI210 accelerators and AMD Radeon Pro V520/V620 GPUs. No public exploit code has been identified, but the low attack complexity and authenticated network access vector indicate moderate real-world risk in data center and AI/ML environments where these devices are deployed.

Technical ContextAI

The AMD Secure Processor is a dedicated security coprocessor embedded in AMD EPYC processors, MI-series AI accelerators, and Radeon Pro GPUs that enforces security policies, manages encryption keys, and controls privileged operations. The vulnerability stems from CWE-274 (Improper Handling of Insufficient Privileges), a class of authorization flaws where the system fails to properly validate that an entity possesses required privilege levels before granting access to protected functions or memory regions. This specific instance involves a function that accepts input values without adequately checking the caller's privilege level, allowing an authenticated user with lower privileges to write data that should be restricted to higher-privilege contexts, such as secure firmware regions, attestation data, or encrypted memory pools.

RemediationAI

Contact AMD for firmware updates to the affected Secure Processor implementations; patches are referenced in AMD Security Bulletin AMD-SB-6027 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html. Organizations should prioritize updating systems in multi-tenant environments or those with untrusted user access. Until updates are available, restrict local user privileges on systems running affected MI-25, MI250, MI210, and Radeon Pro V520/V620 devices, enforce network-level access controls to limit remote connections to systems hosting these GPUs, and audit access logs for unauthorized ASP function calls if logging is available. Disable guest or unprivileged user access to GPU compute services if business operations permit. Note trade-offs: restricting user privileges may impact shared HPC or cloud workload scheduling; network isolation may reduce performance if applications require inter-node GPU communication.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

CVE-2025-54511 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy