NVD - cve-2025-54518
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Information Technology Laboratory
National Vulnerability Database
National Vulnerability Database
NVD
Vulnerabilities
CVE-2025-54518<br>Detail
Awaiting Enrichment
This CVE record has been marked for NVD enrichment efforts.
Description
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Metrics
 
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate<br>vector strings. CVSS information contributed by other sources is also<br>displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
N/A
NVD assessment<br>not yet provided.
CNA: Advanced Micro Devices Inc.
CVSS-B 7.3 HIGH
Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N<br>CVSS v4.0 Severity and Metrics:CVSS-B: 7.3 HIGHVector: AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NAttack Vector (AV): LocalAttack Complexity (AC): HighAttack Requirements (AT): NonePrivileges Required (PR): LowUser Interaction (UI): NoneVulnerable System Confidentiality (VC): HighVulnerable System Integrity (VI): HighVulnerable System Availability (VA): HighSubsequent System Confidentiality (SC): NoneSubsequent System Integrity (SI): NoneSubsequent System Availability (SA): None "/>
CVSS 3.x Severity and Vector Strings:
NIST: NVD
Base<br>Score: N/A
NVD assessment<br>not yet provided.
-->
-->
CVSS 2.0 Severity and Vector Strings:
NIST: NVD
Base<br>Score: N/A
NVD assessment<br>not yet provided.
-->
-->
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.<br>We have provided these links to other web sites because they<br>may have information that would be of interest to you. No<br>inferences should be drawn on account of other sites being<br>referenced, or not, from this page. There may be other web<br>sites that are more appropriate for your purpose. NIST does<br>not necessarily endorse the views expressed, or concur with<br>the facts presented on these sites. Further, NIST does not<br>endorse any commercial products that may be mentioned on<br>these sites. Please address comments about this page to [email protected].
URL<br>Source(s)<br>Tag(s)
http://www.openwall.com/lists/oss-security/2026/05/12/15
CVE
http://xenbits.xen.org/xsa/advisory-490.html
CVE
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html
Advanced Micro Devices Inc.
Weakness Enumeration
CWE-ID<br>CWE Name<br>Source
CWE-1189
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Advanced Micro Devices Inc.
Change History
2 change records found show changes
CVE Modified by CVE 5/15/2026 1:16:33 AM
Action<br>Type<br>Old Value<br>New Value
Added<br>Reference
http://www.openwall.com/lists/oss-security/2026/05/12/15
Added<br>Reference
http://xenbits.xen.org/xsa/advisory-490.html
New CVE Received from Advanced Micro Devices Inc. 5/15/2026 1:16:33 AM
Action<br>Type<br>Old Value<br>New Value
Added<br>Description
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Added<br>CVSS V4.0
AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added<br>CWE
CWE-1189
Added<br>Reference
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html
Quick Info
CVE Dictionary Entry:<br>CVE-2025-54518<br>NVD<br>Published Date:<br>05/15/2026<br>NVD<br>Last Modified:<br>05/15/2026
Source:<br>Advanced Micro Devices Inc.