CVE-2025-0033

medium

Description

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.

References

References
More

https://docs.cloud.google.com/support/bulletins/index#gcp-2025-065

https://latesthackingnews.com/2025/10/28/microsoft-october-patch-tuesday-is-huge-with-170-fixes/

https://www.securityweek.com/microsoft-patches-173-vulnerabilities-including-exploited-windows-flaws/

https://www.infosecurity-magazine.com/news/last-windows-10-patch-tuesday-six/

https://www.securityweek.com/rmpocalypse-new-attack-breaks-amd-confidential-computing/

https://www.databreachtoday.com/confidential-virtual-machine-flaw-amd-patch-push-underway-a-29721

https://thehackernews.com/2025/10/rmpocalypse-single-8-byte-write.html

https://rmpocalypse.github.io/#abstract

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0033

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3020.html

https://rmpocalypse.github.io/

Details

Source: Mitre, NVD

Published: 2025-10-14

Updated: 2025-10-14

Named Vulnerability: RMPocalypse

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N