CVE-2025-54510
CVE-2025-54510 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-414.
Key facts
- Severity: Medium (CVSS 4.0 base score 5.9)
- EPSS exploit prediction: 0% (1st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-209510
- Weakness: CWE-414
- Published:
- Last modified:
Description
A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.
Frequently asked questions
- What is CVE-2025-54510?
- A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.
- How severe is CVE-2025-54510?
- CVE-2025-54510 has a CVSS 4.0 base score of 5.9, rated medium severity.
- Is CVE-2025-54510 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (1st percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-54510?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-54510 have an EU (EUVD) identifier?
- Yes. CVE-2025-54510 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-209510.
- When was CVE-2025-54510 published?
- CVE-2025-54510 was published on 2026-04-16 and last updated on 2026-06-17.
References
Other CWE-414 vulnerabilities
- CVE-2026-54906 — Critical (CVSS 9.8): concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock…
- CVE-2025-54625 — Medium (CVSS 6.7): Race condition vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability…
- CVE-2023-5447 — Medium (CVSS 5.5): Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the…