CVE-2025-48515

Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

CVSS

No CVSS.

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Sanitización insuficiente de parámetros en el Boot Loader del Procesador Seguro de AMD (ASP) podría permitir a un atacante con acceso a la actualización de SPIROM sobrescribir la memoria, lo que podría resultar en ejecución de código arbitrario.

10 Feb 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 20:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-48515

Mitre link : CVE-2025-48515

CVE.ORG link : CVE-2025-48515

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2025-48515", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@amd.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.4, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-10T20:16:45.250", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html", "source": "psirt@amd.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution."}, {"lang": "es", "value": "Sanitizaci\u00f3n insuficiente de par\u00e1metros en el Boot Loader del Procesador Seguro de AMD (ASP) podr\u00eda permitir a un atacante con acceso a la actualizaci\u00f3n de SPIROM sobrescribir la memoria, lo que podr\u00eda resultar en ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@amd.com"}