CVE-2025-48515

CVSS 5.4 MEDIUMEPSS 0.1%CWE-190

Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

AMD · AMD Ryzen™ 4000 Series Desktop Processors AMD · AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics AMD · AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ Embedded V2000 Series Processors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html