CVE-2025-48515

Summary

Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6 1.0.0.Edunaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1cunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1cunaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsRenoirPI-FP6_1.0.0.Ecunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2PI_1.2.0.11unaffected
AMDAMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.Dunaffected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References