CVE-2025-0040

Summary

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.Bunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.2.0.3dunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI 1.1.0.3dunaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.Bunaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsEmbeddedPhoenixPI-FP7r2_1.0.0.2unaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References