Описание
AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Microsoft is aware of AMD-SB-3020 | CVE-2025-0033 disclosed by AMD on October 13, 2025.
CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This issue does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit.
Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited and logged. Together, these protections reduce the risk of host compromise or unauthorized memory manipulation, helping ensure that confidential workloads and customer VMs maintain their confidentiality and integrity on Azure hosts.
FAQ
When will an update be available to address this vulnerability?
Updates to mitigate this vulnerability in Azure Confidential Computing's (ACC) AMD-based clusters are being developed but are not yet complete. Once complete, the updates with be deployed across all AMD-based infrastructure and customers will be notified via Azure Service Health Alerts if they are required to reboot their ACC resources. The Security Updates table for this CVE will be updated immediately upon availability of the mitigated versions for any affected ACC product SKUs.
Additionally, customers who have subscribed to the Security Update Guide will be notified when this CVE is revised to indicate updates are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.2 High
CVSS3
Связанные уязвимости
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
Improper access control within AMD SEV-SNP could allow an admin privil ...
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
Уязвимость прошивки SEV-SNP микропрограммного обеспечения графических процессоров AMD, связанная с ошибками разграничения доступа, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
8.2 High
CVSS3