This vulnerability (CVE-2025-61971) concerns a security-sensitive hardware control issue in AMD EPYC™ 9004 Series Processors. Specifically, the NBIO registers lack lock bit protection, enabling a local attacker with high privileges to alter MMIO routing configurations. This alteration can compromise the integrity of SEV-SNP guests, which rely on secure memory encryption and integrity protections. The CVSS 4.0 base score is 5.9, reflecting a medium severity with local attack vector, low attack complexity, and no user interaction required. No official remediation or patch has been documented by AMD as of the published date.

A local administrator-level attacker could exploit this vulnerability to modify memory-mapped I/O routing configurations, potentially undermining the integrity protections of SEV-SNP guests. This could lead to a loss of confidentiality and integrity guarantees for virtual machines relying on SEV-SNP technology. However, exploitation requires local privileged access, limiting the scope of impact. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation has been provided by AMD, organizations should monitor AMD advisories for updates. Until a patch is available, restrict local administrative access to trusted personnel only to reduce risk.