Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality.
AnalysisAI
Unauthenticated attackers with knowledge of the KVM key download endpoint URL can retrieve sensitive cryptographic keys without authentication, compromising confidentiality of encrypted communications and system secrets. This affects AMD KVM implementations and requires no special user interaction, though attackers must possess prior knowledge of the specific endpoint URL. No public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
KVM (Kernel-based Virtual Machine) key download endpoints are components that provision cryptographic material to virtual machines and hypervisor systems. The vulnerability stems from missing authentication controls on this sensitive endpoint (CWE-306: Missing Authentication for Critical Function), allowing direct unauthenticated HTTP/HTTPS requests to retrieve key material. The CVSS vector indicates network-accessible attack surface (AV:N) with low attack complexity (AC:L), though attack timing is not negligible (AT:P suggests some temporal factors). The impact is limited to confidentiality loss (VC:L) with no integrity or availability impact, indicating key exfiltration rather than code execution or system disruption.
RemediationAI
Consult AMD Security Bulletin AMD-SB-9023 for vendor-released patches and specific version updates applicable to your KVM deployment. As an immediate compensating control, restrict network access to the KVM key download endpoint using firewall rules, network access control lists, or API gateway authentication layers to permit only trusted administrative systems and hypervisor hosts. Implement authentication and authorization checks on the endpoint itself if possible through configuration or administrative controls, ensuring all requests require valid credentials before key material is returned. Audit access logs to identify any unauthorized key download attempts. Review network segmentation to ensure KVM management endpoints are isolated from untrusted networks. If KVM services can be temporarily disabled without operational impact, consider disabling the endpoint until patches are applied. Verify with AMD whether the endpoint URL has changed or can be relocated to a non-discoverable path as a temporary mitigation.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209845
GHSA-mxr8-33jp-5x6f