CVE-2025-52533 — On-Chip Debug and Test Interface With Improper Access Control in AMD Epyc 7001 Series Processors

CWE-1191 — On-Chip Debug and Test Interface With Improper Access Control CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.1%

top 84.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7001 Series Processors AMD Epyc 7002 Series Processors AMD Epyc Embedded 3000 Series Processors +1 more

Timeline

PublishedFeb 12

Description

Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Packages4 packages

▶CVEListV5amd/amd_epyc_7001_series_processorsNo Fix Planned

▶CVEListV5amd/amd_epyc_7002_series_processorsNo Fix Planned

▶CVEListV5amd/amd_epyc_embedded_3000_series_processorsNo fix planned

▶CVEListV5amd/amd_epyc_embedded_7002_series_processorsNo fix planned

🔴Vulnerability Details

GHSA

GHSA-pj3r-q6m4-wfcw: Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data co↗2026-02-12

▶

CVEList

CVE-2025-52533: Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data co↗2026-02-12

▶

📋Vendor Advisories

Microsoft

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.↗2024-11-12

▶