AMD disclosed a critical security flaw named **RMPocalypse (CVE-2025-0033)** in its **Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)** mechanism, affecting multiple **EPYC processor series (7003, 8004, 9004, 9005, and Embedded variants)**. The vulnerability stems from **incomplete protections in the Reverse Map Paging (RMP) table initialization**, allowing attackers with **admin-level hypervisor access** to exploit a **race condition** during AMD Secure Processor (PSP) setup.

Exploitation enables **arbitrary memory corruption**, bypassing SEV-SNP’s confidentiality and integrity guarantees. Attackers can **inject malicious code, forge security attestations, replay old states, or activate debug modes**, leading to **full compromise of confidential virtual machines (CVMs)** and **100% success rate in exfiltrating secrets**. While no evidence of active exploitation exists, the flaw undermines **cloud security foundations**, particularly in **Azure Confidential Computing (ACC)** and enterprise environments relying on AMD’s hardware-based isolation.

Patches are available for most affected processors, though **Embedded 7003 and 9005 series fixes are delayed until November 2025**. The vulnerability highlights systemic risks in **trusted execution environments (TEEs)**, where **initialization gaps** can nullify all subsequent security assurances.
Source: https://thehackernews.com/2025/10/rmpocalypse-single-8-byte-write.html
TPRM report: https://www.rankiteo.com/company/amd
"id": "amd1932419101425",
"linkid": "amd",
"type": "Vulnerability",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': ['Cloud Service Providers (e.g., '
'Microsoft Azure)',
'Enterprise Customers Using '
'EPYC Processors',
'Supermicro Motherboard Users'],
'industry': 'Semiconductors/Chipmaking',
'location': 'Santa Clara, California, USA',
'name': 'Advanced Micro Devices (AMD)',
'type': 'Corporation'},
{'customers_affected': ['Azure Customers Using '
'AMD-based Confidential '
'Computing Clusters'],
'industry': 'Cloud Computing',
'location': 'Redmond, Washington, USA',
'name': 'Microsoft (Azure Confidential Computing)',
'type': 'Corporation'},
{'customers_affected': ['Customers Using Affected '
'Motherboard SKUs'],
'industry': 'Hardware/Server Manufacturing',
'location': 'San Jose, California, USA',
'name': 'Supermicro',
'type': 'Corporation'}],
'attack_vector': ['Local (Admin-Privileged Hypervisor)',
'Memory Manipulation'],
'customer_advisories': ['Apply firmware updates for affected EPYC processors.',
'Azure customers: Monitor Microsoft advisories for '
'ACC cluster remediation.',
'Review confidential workloads for potential exposure '
'due to SEV-SNP bypass.'],
'data_breach': {'data_encryption': ['SEV-SNP (Compromised Due to RMP '
'Corruption)'],
'data_exfiltration': True,
'sensitivity_of_data': 'High (Confidential Computing Secrets, '
'VM Memory Contents)',
'type_of_data_compromised': ['Guest Memory in CVMs',
'Secrets',
'Security Metadata in RMP '
'Table']},
'description': 'AMD has released fixes for a security flaw dubbed '
"'RMPocalypse' (CVE-2025-0033) that undermines the "
'confidentiality and integrity protections of Secure Encrypted '
'Virtualization with Secure Nested Paging (SEV-SNP). The '
'vulnerability, discovered by ETH Zürich researchers Benedict '
'Schlüter and Shweta Shinde, exploits incomplete protections '
"in AMD's Reverse Map Paging (RMP) table initialization, "
'allowing attackers to perform a single memory write to '
'corrupt the RMP. This can lead to arbitrary tampering with '
'confidential virtual machines (CVMs), exfiltration of '
'secrets, activation of hidden functions (e.g., debug mode), '
'attestation forgeries, replay attacks, and foreign code '
'injection. The flaw stems from a race condition during the '
'AMD Secure Processor (PSP) initialization of the RMP, '
'enabling a malicious hypervisor to manipulate its content. '
'AMD has assigned a CVSS v4 score of 5.9 to the vulnerability.',
'impact': {'brand_reputation_impact': ["Potential Erosion of Trust in AMD's "
'Confidential Computing Guarantees'],
'data_compromised': ['Sensitive Information in Confidential '
'Virtual Machines (CVMs)',
'Secrets (100% Success Rate)',
'Guest Memory Integrity'],
'operational_impact': ['Loss of SEV-SNP Guest Memory Integrity',
'Full Breach of Confidentiality',
'Bypass of Protective Functions in CVMs'],
'systems_affected': ['AMD EPYC™ 7003 Series Processors',
'AMD EPYC™ 8004 Series Processors',
'AMD EPYC™ 9004 Series Processors',
'AMD EPYC™ 9005 Series Processors',
'AMD EPYC™ Embedded 7003 Series Processors '
'(Fix planned for November 2025)',
'AMD EPYC™ Embedded 8004 Series Processors',
'AMD EPYC™ Embedded 9004 Series Processors',
'AMD EPYC™ Embedded 9005 Series Processors '
'(Fix planned for November 2025)',
'Azure Confidential Computing (ACC) AMD-based '
'clusters',
'Supermicro motherboards (requiring BIOS '
'updates)']},
'investigation_status': 'Ongoing (Patches Released; Embedded Series Fixes '
'Planned for November 2025)',
'lessons_learned': ['Incomplete protection mechanisms in hardware security '
'features (e.g., RMP) can create critical attack '
'surfaces.',
'Race conditions during initialization phases of security '
'components (e.g., PSP/RMP) require robust safeguards.',
'Single memory corruption (e.g., 8-byte overwrite in RMP) '
'can fully compromise system-wide integrity and '
'confidentiality.',
'Hypervisor-level attacks can undermine confidential '
'computing guarantees, necessitating defense-in-depth '
'strategies.'],
'post_incident_analysis': {'corrective_actions': ['AMD patches to eliminate '
'race condition in RMP '
'initialization.',
'BIOS updates for '
'Supermicro motherboards to '
'enforce RMP integrity.',
'Microsoft remediation for '
'Azure ACC clusters to '
'prevent hypervisor-level '
'exploitation.',
'Planned fixes for embedded '
'EPYC series (November '
'2025).'],
'root_causes': ['Race condition during AMD Secure '
'Processor (PSP) initialization of '
'the RMP table.',
'Inadequate protection of RMP '
'during VM startup, creating a '
'window for corruption.',
'Single memory write vulnerability '
'in RMP leading to system-wide '
'compromise.',
'Design assumption that RMP would '
'be fully protected during '
'initialization proved flawed.']},
'recommendations': ['Apply AMD-provided patches and BIOS updates immediately '
'for affected EPYC processors.',
'Cloud providers (e.g., Azure) should prioritize '
'remediation for confidential computing clusters.',
'Implement additional runtime integrity checks for RMP '
'tables to detect tampering.',
'Conduct third-party audits of hardware security '
'mechanisms (e.g., SEV-SNP) to identify design gaps.',
'Monitor for anomalous hypervisor activity that may '
'indicate RMP manipulation attempts.',
'Evaluate compensatory controls (e.g., memory encryption, '
'attestation enhancements) for systems awaiting patches.'],
'references': [{'source': 'AMD Security Advisory for CVE-2025-0033'},
{'source': 'ETH Zürich Research Paper on RMPocalypse'},
{'source': 'Microsoft Azure Advisory on CVE-2025-0033'},
{'source': 'Supermicro Security Bulletin'},
{'source': "The Hacker News - 'RMPocalypse: New AMD Flaw "
'Breaks SEV-SNP Confidential Computing '
"Guarantees'"}],
'response': {'communication_strategy': ['AMD Security Advisory (Released '
'Monday)',
'Public Disclosure via ETH Zürich '
'Research Paper'],
'containment_measures': ['AMD-Released Patches',
'BIOS Updates for Supermicro '
'Motherboards',
'Microsoft Remediation for Azure ACC'],
'incident_response_plan_activated': True,
'remediation_measures': ['Fixes for EPYC Processors (Planned for '
'November 2025 for Embedded 7003/9005 '
'Series)'],
'third_party_assistance': ['ETH Zürich Researchers (Benedict '
'Schlüter, Shweta Shinde)']},
'stakeholder_advisories': ['AMD Customers',
'Cloud Service Providers',
'Enterprise IT Administrators',
'Supermicro Motherboard Users'],
'title': 'RMPocalypse Vulnerability in AMD SEV-SNP (CVE-2025-0033)',
'type': ['Vulnerability',
'Memory Corruption',
'Race Condition',
'Privilege Escalation'],
'vulnerability_exploited': 'CVE-2025-0033 (Race Condition in AMD SEV-SNP RMP '
'Initialization)'}