CVE-2025-54515

CVSS 1 LOWEPSS 0.1%CWE-1284

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

23 Nov 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state.

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected products

AMD · Alveo™ V80 Compute Accelerator AMD · Versal™ Adaptive SoC Devices AMD · Versal™ AI Core Series AMD · Versal™ AI Edge Series AMD · Versal™ HBM Series AMD · Versal™ Premium Series AMD · Versal™ Prime Series AMD · Versal™ RF Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8020.html