CVE-2025-54509: AMD IOMMU Improper Access Control Enables Privileged ASP Tampering
CVE-2025-54509 Published on June 9, 2026

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

NVD

Weakness Type

Register Interface Allows Software Access to Sensitive Data or Security Settings

Memory-mapped registers provide access to hardware functionality from software and if not properly secured can result in loss of confidentiality and integrity.

Affected Versions

AMD EPYC™ 9004 Series Processors:

Version GenoaPI_1.0.0.H is unaffected.

AMD EPYC™ 9005 Series Processors:

Version TurinPI_1.0.0.8 is unaffected.

AMD EPYC™ 8004 Series Processors:

Version GenoaPI_1.0.0.H is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa"):

Version EmbGenoaPI-SP5 1.0.0.D is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo"):

Version EmbGenoaPI-SP5 1.0.0.D is unaffected.

AMD EPYC™ Embedded 8004 Series Processors:

Version EmbGenoaPI-SP5 1.0.0.D is unaffected.

AMD EPYC™ Embedded 9005 Series Processors:

Version EmbeddedTurinPI_SP5_1004 is unaffected.

Exploit Probability

EPSS

0.11%

Percentile

1.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2025-54509: AMD IOMMU Improper Access Control Enables Privileged ASP TamperingCVE-2025-54509 Published on June 9, 2026

Weakness Type

Register Interface Allows Software Access to Sensitive Data or Security Settings

Affected Versions

Exploit Probability

CVE-2025-54509: AMD IOMMU Improper Access Control Enables Privileged ASP Tampering
CVE-2025-54509 Published on June 9, 2026