CVE-2025-54502

Published Apr 16, 2026

Last updated 2 months ago

CVSS high 7.1

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-54502 is a vulnerability found in WebKit, which could lead to an unexpected process crash when processing maliciously crafted web content. This issue was addressed through improved checks by Apple. The fix has been implemented in various Apple operating systems and browsers, including watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, and Safari 18.2.

Description
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
Source
psirt@amd.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

psirt@amd.com
CWE-668

Social media

Hype score
Not currently trending

  1. CVE-2025-54502 Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privile… https://t.co/3TNp9jEqt7

    @CVEnew

    17 Apr 2026

    104 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. The research has been published. In it, I describe the structure of APCB, show the functionality of the SMM driver that responds to it, and show where the CVE-2025-54502 vulnerability was. https://t.co/ljqoLjJtP1

    @xsh3llsh0ck

    15 Apr 2026

    2475 Impressions

    5 Retweets

    17 Likes

    8 Bookmarks

    0 Replies

    2 Quotes

  3. 🔥 Read the new article by our researcher Timofey Duditsky. The write-up dives into the AMD Platform Configuration Blobs mechanism, shows how it works, and reveals the vulnerability CVE-2025-54502. https://t.co/DQHz8M5bRN https://t.co/bJzYSDZfn8

    @ptswarm

    15 Apr 2026

    2007 Impressions

    11 Retweets

    26 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  4. AMD has published Security Bulletin AMD-SB-7054 with my vulnerability CVE-2025-54502. There has been no feedback on my research (as well as my mention), so I will publish my work as it is and as soon as possible.

    @xsh3llsh0ck

    14 Apr 2026

    3161 Impressions

    4 Retweets

    26 Likes

    10 Bookmarks

    2 Replies

    0 Quotes

References

Sources include official advisories and independent security research.