CVE-2025-0040: CWE-284 Improper Access Control in AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-0040) concerns improper access control (CWE-284) in AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics. Specifically, the access control between the Joint Test Action Group (JTAG) interface and the Advanced Extensible Interface (AXI) is flawed. An attacker with physical access could leverage this to read or overwrite cross-chip debug (XCD) registers, potentially compromising data integrity or confidentiality. The CVSS 4.0 base score is 5.3, reflecting medium severity, with attack vector requiring physical presence and high attack complexity. No patch or remediation level is currently provided by AMD, and no known exploits have been observed.
Potential Impact
An attacker with physical access to the affected processors could exploit the improper access control to read or modify sensitive debug registers. This could result in unauthorized disclosure or alteration of data within the processor, impacting data integrity and confidentiality. However, exploitation requires physical access and is considered complex, limiting the scope of impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided by AMD at this time, monitor AMD's advisories for updates. Physical security controls to prevent unauthorized physical access to affected devices are recommended as a precaution.
CVE-2025-0040: CWE-284 Improper Access Control in AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
Description
Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-0040) concerns improper access control (CWE-284) in AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics. Specifically, the access control between the Joint Test Action Group (JTAG) interface and the Advanced Extensible Interface (AXI) is flawed. An attacker with physical access could leverage this to read or overwrite cross-chip debug (XCD) registers, potentially compromising data integrity or confidentiality. The CVSS 4.0 base score is 5.3, reflecting medium severity, with attack vector requiring physical presence and high attack complexity. No patch or remediation level is currently provided by AMD, and no known exploits have been observed.
Potential Impact
An attacker with physical access to the affected processors could exploit the improper access control to read or modify sensitive debug registers. This could result in unauthorized disclosure or alteration of data within the processor, impacting data integrity and confidentiality. However, exploitation requires physical access and is considered complex, limiting the scope of impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided by AMD at this time, monitor AMD's advisories for updates. Physical security controls to prevent unauthorized physical access to affected devices are recommended as a precaution.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMD
- Date Reserved
- 2024-11-21T16:18:07.633Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a068dbfec166c07b09ac97b
Added to database: 5/15/2026, 3:06:39 AM
Last enriched: 5/15/2026, 3:23:19 AM
Last updated: 5/16/2026, 6:26:54 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.