Microsoft is aware of AMD-SB-3020 | CVE-2025-0033 disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This issue does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit. Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited and logged. Together, these protections reduce the risk of host compromise or unauthorized memory manipulation, helping ensure that confidential workloads and customer VMs maintain their confidentiality and integrity on Azure hosts.
When will an update be available to address this vulnerability? Updates to mitigate this vulnerability in Azure Confidential Computing's (ACC) AMD-based clusters are being developed but are not yet complete. Once complete, the updates with be deployed across all AMD-based infrastructure and customers will be notified via Azure Service Health Alerts if they are required to reboot their ACC resources. The Security Updates table for this CVE will be updated immediately upon availability of the mitigated versions for any affected ACC product SKUs. Additionally, customers who have subscribed to the Security Update Guide will be notified when this CVE is revised to indicate updates are available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE.
Benedict Schlueter, Supraja Sridhara, and Shweta Shinde from ETH Zurich