VDB

CISA-2025-0032

CISA-2025-0032 PUBLISHED CVSS 7.2 HIGH

Reported by AMD · Published September 6, 2025

Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.

Risk Scores

CVSS 3.1
7.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Affected Products

VendorProductVersions
AMDAMD EPYC™ 9005 Series ProcessorsTurinPI 1.0.0.4
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.1b
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3c
AMDAMD Ryzen™ 9000HX Series ProcessorsFireRangeFL1PI 1.0.0.0a
AMDAMD Ryzen™ Al Max+StrixHaloPI-FP11_1.0.0.1
AMDAMD Ryzen™ Threadripper™ 9000 seriesShimadaPeakPI-SP6 1.0.0.1
AMDAMD EPYC™ Embedded 9000 Series ProcessorsEmbturin PI 1.0.0.0
AMDAMD Ryzen™ AI 300 Series ProcessorsStrixKrackanPI-FP8_1.1.0.1b, StrixKrackanPI-FP8_1.1.0.1b
AMDAMD Ryzen™ Threadripper™ 9000 seriesShimadaPeakPI-SP6 1.0.0.1, ShimadaPeakPI-SP6 1.0.0.1
AMDAMD Ryzen™ Al Max+StrixHaloPI-FP11_1.0.0.1, StrixHaloPI-FP11_1.0.0.1
AMDAMD EPYC™ Embedded 9000 Series Processors*, Embturin PI 1.0.0.0
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI 1.2.0.3c, ComboAM5PI 1.2.0.3c
AMDAMD Ryzen™ 9000HX Series ProcessorsFireRangeFL1PI 1.0.0.0a, *
AMDAMD EPYC™ 9005 Series ProcessorsTurinPI 1.0.0.4, *

Timeline

  • Sep 6, 2025 CVE Published
  • Feb 26, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›