CVE-2025-54511 PUBLISHED

Assigner: AMD
Reserved: 23.07.2025 Published: 15.05.2026 Updated: 15.05.2026

Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 5.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	Low	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	MI-25
Versions	Default: affected Version 23.10 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI250
Versions	Default: affected Version ROCm 6.3 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI210
Versions	Default: affected Version ROCm 6.3 is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V520
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V620
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

Problem Types

CWE-274 Improper Handling of Insufficient Privileges CWE