- Description
- Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
- Source
- psirt@amd.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- psirt@amd.com
- CWE-668
- Hype score
- Not currently trending
CVE-2025-54502 Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privile… https://t.co/3TNp9jEqt7
@CVEnew
17 Apr 2026
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The research has been published. In it, I describe the structure of APCB, show the functionality of the SMM driver that responds to it, and show where the CVE-2025-54502 vulnerability was. https://t.co/ljqoLjJtP1
@xsh3llsh0ck
15 Apr 2026
2475 Impressions
5 Retweets
17 Likes
8 Bookmarks
0 Replies
2 Quotes
🔥 Read the new article by our researcher Timofey Duditsky. The write-up dives into the AMD Platform Configuration Blobs mechanism, shows how it works, and reveals the vulnerability CVE-2025-54502. https://t.co/DQHz8M5bRN https://t.co/bJzYSDZfn8
@ptswarm
15 Apr 2026
2007 Impressions
11 Retweets
26 Likes
6 Bookmarks
0 Replies
1 Quote
AMD has published Security Bulletin AMD-SB-7054 with my vulnerability CVE-2025-54502. There has been no feedback on my research (as well as my mention), so I will publish my work as it is and as soon as possible.
@xsh3llsh0ck
14 Apr 2026
3161 Impressions
4 Retweets
26 Likes
10 Bookmarks
2 Replies
0 Quotes