CVE-2025-54502 HIGH

CVE-2025-54502

Weakness CWE-668
Published April 16, 2026
Last update June 30, 2026

CVSS base score

7.1/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Key dates

02Disclosure timeline

April 16, 2026 CVE published
June 30, 2026 Record updated