CVE-2025-48514

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest,…

AMD·CWE-1220·Published 2026-02-10

CVSS

—

EPSS

0.00

KEV

Exploits

cve.orgen

188 chars

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

NVDen

188 chars

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

NVDes

226 chars

Granularidad Insuficiente del Control de Acceso en el firmware de SEV puede permitir a un atacante privilegiado crear un invitado SEV-ES para atacar a un invitado SNP, lo que podría resultar en una pérdida de confidencialidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
4.0	Primary	cve.org	4.0	—	—	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
4.0	Secondary	NVD	4.0	—	—