LiveActive security incident?Get immediate response
CVE Record

CVE-2025-54502: Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privil...

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

HighCVSS 7.5Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This AMD firmware issue affects the APCB SMM driver. A person who already has deep local control of a system could potentially escalate into highly privileged firmware execution. It is not a remote entry point, but it matters because SMM compromise can undermine operating system defenses and persistence controls.

Executive priority

Treat as a high-priority firmware maintenance item, not an emergency remote-exploitation event based on current sources. Focus first on critical AMD-based infrastructure and systems where privileged compromise would create severe business impact or persistence risk.

Technical view

CVE-2025-54502 is an incorrect boot-service use flaw in AMD Platform Configuration Blob SMM driver code. The CVSS vector requires local access, high attack complexity, and high privileges, with changed scope and high confidentiality, integrity, and availability impact. Affected AMD platform initialization firmware versions span listed EPYC, Ryzen, Threadripper, Athlon, and Instinct platforms.

Likely exposure

Exposure is most likely on systems using the affected AMD processor families and listed PI or APCB firmware versions, especially servers, workstations, and high-value endpoints where attackers could obtain Ring 0 privileges. OEM firmware packaging may obscure exact PI versions, so hardware and BIOS inventory are important.

Exploitation context

The sources do not show CISA KEV listing or confirmed active exploitation. Exploitation requires a privileged local attacker, so this is mainly a post-compromise escalation and firmware-control risk rather than an internet-facing vulnerability.

Researcher notes

Key gaps are patch mapping and OEM-specific fixed BIOS versions. The available data identifies affected AMD platform firmware versions and impact, but does not provide exploit details or a universal remediation package. Validation should stay platform-specific and advisory-driven.

Mitigation direction

  • Check AMD and OEM advisories for firmware or BIOS updates for each affected platform.
  • Prioritize firmware updates on servers, virtualization hosts, and administrative workstations.
  • Restrict local administrator, kernel driver, and physical access to affected systems.
  • Monitor AMD, Red Hat, OEM, and CISA KEV updates for new remediation or exploitation evidence.

Validation and detection

  • Inventory systems for the affected AMD processor families listed in the advisory.
  • Compare BIOS, UEFI, or platform initialization versions against AMD and OEM guidance.
  • Confirm whether OEM firmware release notes include CVE-2025-54502 or AMD-SB-7054.
  • Review endpoint controls limiting Ring 0 paths, unsigned drivers, and unauthorized firmware changes.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-648: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cwe · low confidence lookup

CWE-668: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
description · low confidence lookup

Privilege behavior lookup

The CVE wording references privilege impact, so privilege escalation and authorization behavior review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2025-54502 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

2CVSS vectors
5Timeline events
2ADP providers
5Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total

CVSS vector scores

2 official scores

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H0.86redhat-SADP
7.1CVSS 4.0HighCVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NAMD

Vulnerability scoring details

Base CVSS 4.0 score

7.1High
CVSS 4.0 vector shape for CVE-2025-54502Attack VectorAttack ComplexityAttack RequirementsPrivileges RequiredUser InteractionVS ConfidentialityVS IntegrityVS AvailabilitySS ConfidentialitySS IntegritySS Availability

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Attack Requirements
NonePresent
Privileges Required
NoneLowHigh
User Interaction
NonePassiveActive
VS Confidentiality
HighLowNone
VS Integrity
HighLowNone
VS Availability
HighLowNone
SS Confidentiality
HighLowNone
SS Integrity
HighLowNone
SS Availability
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. ADP timelineredhat-SADP

    Made public.

  3. CVE publishedCVE Program

    The CVE record was published.

  4. ADP timelineredhat-SADP

    Reported to Red Hat.

  5. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
redhat-SADPAMD Platform Configuration Blob: APCB SMM driver: kernel: linux-firmware: AMD APCB SMM driver: Arbitrary Code Execution via incorrect boot service use
other:Red Hat severity ratingcvssV3_1
  • 2026-04-16T20:00:50.766Z: Reported to Red Hat.
  • 2026-04-16T18:46:13.377Z: Made public.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
AMDAMD EPYC™ 9004 Series ProcessorsGenoaPI_1.0.0.Haffected
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI-SP3_1.0.0.Jaffected
AMDAMD EPYC™ 7002 Series ProcessorsRome-1.0.0.Paffected
AMDAMD EPYC™ 4004 Series ProcessorsComboAM5PI 1.0.0.daffected
AMDAMD EPYC™ 9005 Series ProcessorsTurinPI-SP5_1.0.0.9affected
AMDAMD Instinct™ MI300A Series ProcessorsMI300A 1.0.0.Caffected
AMDAMD EPYC™ 9V64H ProcessorMI300C 1.0.0.3affected
AMDAMD EPYC™ 8004 Series ProcessorsGenoaPI_1.0.0.Haffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.Edaffected
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsRembrandtPI-FP7_1.0.0.Bgaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5_1.0.1.2eaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0faffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6_1.0.0.7gaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1PI 1.0.0.3kaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.daffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.10affected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.Daffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1daffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.Iaffected
AMDAMD Ryzen™ 9000HX Series ProcessorsFireRangeFL1PI 1.0.0.0daffected
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.0eaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.Daffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1m, StormPeakPI-SP6_1.1.0.0kaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3faffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.2.0.3haffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.1.0.3faffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.2.0.3haffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3haffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1daffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1daffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.