CVE-2025-48514 — Insufficient Granularity of Access Control in Amd64-microcode

CWE-1220 — Insufficient Granularity of Access Control5 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.0%

top 95.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Amd64-microcode

Timeline

PublishedFeb 10

Description

Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages1 packages

▶debiandebian/amd64-microcode

🔴Vulnerability Details

GHSA

GHSA-fjcx-f2hr-qjjr: Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially r↗2026-02-10

▶

OSV

CVE-2025-48514: Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially r↗2026-02-10

▶

📋Vendor Advisories

Debian

CVE-2025-48514: amd64-microcode - Insufficient Granularity of Access Control in SEV firmware can allow a privilege...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-48514 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶