Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-48515

Severity CVSS v4.0:
MEDIUM
Type:
CWE-190 Integer Overflow or Wraparound
Publication date:
10/02/2026
Last modified:
10/02/2026

Description

Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

Impact

Vector 4.0
CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 5.40 MEDIUM
Vector: CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector (AV): Physical
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): Passsive
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0
5.40
Severity 4.0
MEDIUM

References to Advisories, Solutions, and Tools