Missing Lock Bit on AMD NBIO Registers Enables Local Privileged Code Execution
CVE-2025-61972 Published on May 13, 2026

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.

NVD

Weakness Type

Improper Hardware Lock Protection for Security Sensitive Controls

The product implements a register lock bit protection feature that permits security sensitive controls to modify the protected configuration.

Affected Versions

AMD EPYC™ 9004 Series Processors:

Version GenoaPI_1.0.0.H is unaffected.

AMD EPYC™ 9005 Series Processors:

Version TurinPI_1.0.0.8 is unaffected.

AMD EPYC™ 8004 Series Processors:

Version GenoaPI_1.0.0.H is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa"):

Version EmbGenoaPI-SP5 1.0.0.D is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo"):

Version EmbGenoaPI-SP5 1.0.0.D is unaffected.

AMD EPYC™ Embedded 8004 Series Processors:

Version EmbGenoaPI-SP5 1.0.0.D is unaffected.

AMD EPYC™ Embedded 9005 Series Processors:

Version EmbeddedTurinPI_SP5_1004 is unaffected.

Exploit Probability

EPSS

0.01%

Percentile

1.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Missing Lock Bit on AMD NBIO Registers Enables Local Privileged Code ExecutionCVE-2025-61972 Published on May 13, 2026

Weakness Type

Improper Hardware Lock Protection for Security Sensitive Controls

Affected Versions

Exploit Probability

Missing Lock Bit on AMD NBIO Registers Enables Local Privileged Code Execution
CVE-2025-61972 Published on May 13, 2026