RMPocalypse Vulnerability in AMD Secure Encrypted Virtualization
Summary
Academic researchers from ETH Zurich discovered a vulnerability in AMD processors that undermines the integrity guarantees of confidential computing. The flaw, named RMPocalypse and tracked as CVE-2025-0033, is a race condition in the AMD Secure Processor's initialization of the Reverse Map Table (RMP); it allows a malicious hypervisor to corrupt the RMP during initialization and so defeat the protections of AMD's Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). A single 8-byte write to the RMP is enough to break both the confidentiality and the integrity guarantees of SEV-SNP, which the researchers used to enable debug access to a guest, fake attestation, replay VMSA state, and inject code. Multiple AMD EPYC and EPYC Embedded series processors are affected. AMD has released patches to OEMs, Microsoft is working on updates for Azure Confidential Computing's AMD-based clusters, and Supermicro has acknowledged the vulnerability and will require BIOS updates for impacted motherboard SKUs.
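To make the RMP's role concrete, here is a small Python model of the ownership check SEV-SNP performs on guest memory. It is an added illustration for this page, not code from the ETH Zurich researchers or from AMD, and it deliberately ignores memory encryption, page sizes and the real RMP entry layout. The `Machine`, `RmpEntry` and `demo` names are this example's own, and the final step simply writes a corrupted entry into the table: the actual attack corrupts the RMP through the initialization race described above, which is not modeled here.

```python
"""Simplified model of the SEV-SNP Reverse Map Table (RMP) check (added example).

Documented idea being modeled: the RMP is indexed by system physical address
(SPA) and records which guest (ASID) owns each page and at which guest
physical address (GPA). The CPU refuses a guest access whose nested page
table mapping disagrees with the RMP entry, and refuses hypervisor writes to
guest-owned pages. Everything else here is a simplification.
"""
from dataclasses import dataclass, field

HV_ASID = 0  # ASID 0 stands for the hypervisor itself


@dataclass
class RmpEntry:
    assigned: bool = False   # page belongs to a guest, not the hypervisor
    asid: int = HV_ASID      # owning guest
    gpa: int = 0             # GPA the page must be mapped at
    validated: bool = False  # guest has run PVALIDATE on it


@dataclass
class Machine:
    rmp: dict = field(default_factory=dict)     # spa -> RmpEntry
    npt: dict = field(default_factory=dict)     # (asid, gpa) -> spa, hypervisor controlled
    memory: dict = field(default_factory=dict)  # spa -> bytes (encryption ignored)

    def entry(self, spa: int) -> RmpEntry:
        return self.rmp.setdefault(spa, RmpEntry())

    # hypervisor-side operations
    def hv_map(self, asid: int, gpa: int, spa: int) -> None:
        """The hypervisor owns the nested page tables and may point a GPA anywhere."""
        self.npt[(asid, gpa)] = spa

    def hv_write(self, spa: int, data: bytes) -> None:
        """Hypervisor write: blocked for pages the RMP assigns to a guest."""
        if self.entry(spa).assigned:
            raise PermissionError("RMP: hypervisor write to assigned page")
        self.memory[spa] = data

    def rmpupdate(self, spa: int, asid: int, gpa: int) -> None:
        """Assign a page to a guest (RMPUPDATE); unvalidated until the guest accepts it."""
        self.rmp[spa] = RmpEntry(assigned=True, asid=asid, gpa=gpa, validated=False)

    # guest-side operations
    def pvalidate(self, asid: int, gpa: int) -> None:
        spa = self.npt[(asid, gpa)]
        e = self.entry(spa)
        if not e.assigned or e.asid != asid or e.gpa != gpa:
            raise PermissionError("RMP: PVALIDATE on page not assigned to this guest at this GPA")
        e.validated = True

    def guest_access(self, asid: int, gpa: int) -> bytes:
        """Nested walk, then the RMP check the hardware applies to the result."""
        spa = self.npt[(asid, gpa)]
        e = self.entry(spa)
        if not (e.assigned and e.asid == asid and e.gpa == gpa and e.validated):
            raise PermissionError("RMP violation")
        return self.memory.get(spa, b"")


def demo():
    """Returns (hv_write_blocked, remap_blocked, data_read_after_rmp_corruption)."""
    m, guest = Machine(), 7
    m.hv_map(guest, 0x0, 0x1000)          # GPA 0 -> SPA 0x1000
    m.rmpupdate(0x1000, guest, 0x0)       # page assigned to guest 7 at GPA 0
    m.memory[0x1000] = b"guest code"
    m.pvalidate(guest, 0x0)               # guest accepts the page
    assert m.guest_access(guest, 0x0) == b"guest code"

    try:                                  # 1. hypervisor cannot overwrite the guest page
        m.hv_write(0x1000, b"evil")
        write_blocked = False
    except PermissionError:
        write_blocked = True

    m.memory[0x2000] = b"evil"            # 2. remapping GPA 0 to a hypervisor page fails
    m.hv_map(guest, 0x0, 0x2000)
    try:
        m.guest_access(guest, 0x0)
        remap_blocked = False
    except PermissionError:
        remap_blocked = True

    # 3. With one RMP entry corrupted (what RMPocalypse achieves via the ASP
    #    initialization race, not modeled), the same remap passes every check.
    m.rmp[0x2000] = RmpEntry(assigned=True, asid=guest, gpa=0x0, validated=True)
    return write_blocked, remap_blocked, m.guest_access(guest, 0x0)


if __name__ == "__main__":
    print(demo())
```

The third step is the whole point: nothing in the nested page table or the guest changed, yet the hypervisor-chosen page is now served as the guest's own memory, because the RMP is the single source of truth the hardware consults.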
Timeline
- 14.10.2025 13:52 (2 articles): RMPocalypse Vulnerability in AMD SEV-SNP Disclosed
The vulnerability, tracked as CVE-2025-0033, impacts multiple AMD EPYC and EPYC Embedded series processors, including the 7003, 8004, 9004, and 9005 Series Processors. The exploit can be triggered by a single 8-byte write to the RMP, resulting in a full breach of confidentiality and integrity guarantees of SEV-SNP. Supermicro has acknowledged the vulnerability and will require BIOS updates for impacted motherboard SKUs.
Sources:
- RMPocalypse: New Attack Breaks AMD Confidential Computing — www.securityweek.com — 14.10.2025 13:52
- RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
Information Snippets
- The vulnerability, CVE-2025-0033, is a race condition in the AMD Secure Processor (ASP) initialization of the Reverse Map Table (RMP).
  First reported: 14.10.2025 13:52 (2 sources, 2 articles)
  - RMPocalypse: New Attack Breaks AMD Confidential Computing — www.securityweek.com — 14.10.2025 13:52
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- The RMP is the per-page ownership table that SEV-SNP uses to prevent hypervisor tampering with guest page mappings: it records which guest owns each system physical page and at which guest physical address, and the CPU checks it when translating guest accesses.
  First reported: 14.10.2025 13:52 (2 sources, 2 articles)
  - RMPocalypse: New Attack Breaks AMD Confidential Computing — www.securityweek.com — 14.10.2025 13:52
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- The flaw allows a malicious hypervisor to corrupt the RMP during initialization, affecting guest memory integrity.
  First reported: 14.10.2025 13:52 (2 sources, 2 articles)
  - RMPocalypse: New Attack Breaks AMD Confidential Computing — www.securityweek.com — 14.10.2025 13:52
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- RMPocalypse was tested on Zen 3, Zen 4, and Zen 5 processors, demonstrating the ability to overwrite various pages.
  First reported: 14.10.2025 13:52 (1 source, 1 article)
  - RMPocalypse: New Attack Breaks AMD Confidential Computing — www.securityweek.com — 14.10.2025 13:52
- AMD EPYC and EPYC Embedded series processors are affected, with patches sent to OEMs for BIOS updates.
  First reported: 14.10.2025 13:52 (2 sources, 2 articles)
  - RMPocalypse: New Attack Breaks AMD Confidential Computing — www.securityweek.com — 14.10.2025 13:52
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- Microsoft is addressing the issue in Azure Confidential Computing's AMD-based clusters, with updates to be deployed.
  First reported: 14.10.2025 13:52 (2 sources, 2 articles)
  - RMPocalypse: New Attack Breaks AMD Confidential Computing — www.securityweek.com — 14.10.2025 13:52
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- The RMPocalypse exploit can be triggered by a single 8-byte write to the RMP.
  First reported: 14.10.2025 14:45 (1 source, 1 article)
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- The flaw lets an attacker enable debug access to a guest, forge attestation, replay VMSA state, and inject code into the guest.
  First reported: 14.10.2025 14:45 (1 source, 1 article)
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
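On the relying-party side, the practical follow-up to a fix like this is to pin attestation checks to the patched platform state. The following Python is an added example, not code from AMD, the researchers or any cloud provider: it parses the fields of an SEV-SNP attestation report needed to refuse guests whose policy permits debugging or whose platform reports an SNP firmware TCB below a required minimum. Offsets follow the report layout in AMD's SEV-SNP ABI specification; the TCB byte order is the Milan/Genoa layout and is assumed; `MIN_SNP_TCB_PLACEHOLDER` is a placeholder because this page does not name the fixed firmware version; and the sample report is constructed and unsigned. Signature verification against the VCEK certificate chain, which must happen before any field is trusted, is not shown, and on an unpatched host a forged report defeats field checks entirely, so this is a post-patch control, not a mitigation.

```python
"""Field checks on an SEV-SNP attestation report (added example; see lead-in)."""
import struct

REPORT_LEN = 0x4A0                      # report size per the SEV-SNP ABI spec
OFF_VERSION, OFF_POLICY = 0x000, 0x008
OFF_CURRENT_TCB, OFF_REPORT_DATA = 0x038, 0x050
OFF_MEASUREMENT, OFF_REPORTED_TCB = 0x090, 0x180
OFF_COMMITTED_TCB = 0x1E0

POLICY_DEBUG = 1 << 19                  # guest policy bit: debugging allowed
POLICY_RESERVED_MUST_BE_1 = 1 << 17     # the spec requires this bit set

MIN_SNP_TCB_PLACEHOLDER = 0x18          # placeholder, not the real fixed version
SAMPLE_MEASUREMENT = bytes(range(48))   # constructed launch digest


def parse_tcb(raw8: bytes) -> dict:
    """TCB_VERSION, Milan/Genoa byte layout (assumed):
    boot_loader, tee, 4 reserved bytes, snp, microcode."""
    boot_loader, tee, _reserved, snp, microcode = struct.unpack("<BB4sBB", raw8)
    return {"boot_loader": boot_loader, "tee": tee, "snp": snp, "microcode": microcode}


def parse_report(report: bytes) -> dict:
    if len(report) != REPORT_LEN:
        raise ValueError(f"unexpected report length {len(report)}")
    (version,) = struct.unpack_from("<I", report, OFF_VERSION)
    (policy,) = struct.unpack_from("<Q", report, OFF_POLICY)
    tcb = lambda off: parse_tcb(report[off:off + 8])
    return {
        "version": version,
        "policy": policy,
        "current_tcb": tcb(OFF_CURRENT_TCB),
        "reported_tcb": tcb(OFF_REPORTED_TCB),
        "committed_tcb": tcb(OFF_COMMITTED_TCB),
        "report_data": report[OFF_REPORT_DATA:OFF_REPORT_DATA + 64],
        "measurement": report[OFF_MEASUREMENT:OFF_MEASUREMENT + 48],
    }


def check_report(report: bytes, min_snp_tcb: int, expected_measurement: bytes) -> list:
    """Return the list of policy violations; an empty list means accept.
    Assumes the report signature was already verified (not shown here)."""
    r = parse_report(report)
    problems = []
    if r["policy"] & POLICY_DEBUG:
        problems.append("guest policy allows debugging")
    # reported_tcb is what the VCEK that signs the report is derived from;
    # committed_tcb is the floor the platform can roll back to. Enforcing the
    # minimum on all three rejects platforms that could downgrade the fix.
    for name in ("current_tcb", "reported_tcb", "committed_tcb"):
        snp = r[name]["snp"]
        if snp < min_snp_tcb:
            problems.append(f"{name}.snp={snp:#x} below required {min_snp_tcb:#x}")
    if r["measurement"] != expected_measurement:
        problems.append("launch measurement mismatch")
    return problems


def build_sample_report(policy: int, snp_tcb: int, measurement: bytes) -> bytes:
    """Constructed, unsigned report for demonstration only."""
    buf = bytearray(REPORT_LEN)
    struct.pack_into("<I", buf, OFF_VERSION, 2)
    struct.pack_into("<Q", buf, OFF_POLICY, policy)
    tcb = struct.pack("<BB4sBB", 3, 0, bytes(4), snp_tcb, 0xD3)  # bl, tee, rsvd, snp, ucode
    for off in (OFF_CURRENT_TCB, OFF_REPORTED_TCB, OFF_COMMITTED_TCB):
        buf[off:off + 8] = tcb
    buf[OFF_MEASUREMENT:OFF_MEASUREMENT + 48] = measurement
    return bytes(buf)


if __name__ == "__main__":
    base = POLICY_RESERVED_MUST_BE_1
    for label, rep in (
        ("patched, no debug", build_sample_report(base, 0x18, SAMPLE_MEASUREMENT)),
        ("debug enabled", build_sample_report(base | POLICY_DEBUG, 0x18, SAMPLE_MEASUREMENT)),
        ("old firmware", build_sample_report(base, 0x10, SAMPLE_MEASUREMENT)),
    ):
        print(label, "->", check_report(rep, MIN_SNP_TCB_PLACEHOLDER, SAMPLE_MEASUREMENT) or "accept")
```

Reject on any non-empty list rather than on the first problem found; logging every violation makes it obvious in incident review whether a guest was refused for policy, firmware level or measurement.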
- The vulnerability can result in a full breach of confidentiality and integrity guarantees of SEV-SNP.
  First reported: 14.10.2025 14:45 (1 source, 1 article)
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- AMD EPYC 7003, 8004, 9004, and 9005 Series Processors, as well as their Embedded counterparts, are affected.
  First reported: 14.10.2025 14:45 (1 source, 1 article)
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
- Supermicro has acknowledged the vulnerability and will require BIOS updates for impacted motherboard SKUs.
  First reported: 14.10.2025 14:45 (1 source, 1 article)
  - RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing — thehackernews.com — 14.10.2025 14:45
Similar Happenings
Critical Redis Lua Use-After-Free Vulnerability Exploitable for Remote Code Execution
A critical vulnerability in Redis, tracked as CVE-2025-49844 and dubbed "RediShell", allows authenticated attackers to achieve remote code execution on vulnerable instances. The flaw is a 13-year-old use-after-free (UAF) memory corruption bug in the Redis Lua scripting engine that lets an attacker escape the Lua sandbox and execute arbitrary code; it affects all versions of Redis and can be exploited to gain full access to the host system. Successful exploitation can lead to data exfiltration, encryption, or lateral movement within cloud environments. The vulnerability impacts approximately 330,000 exposed Redis instances, around 60,000 of which do not require authentication. Patches have been released in versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2, and administrators are urged to update their instances immediately. Additional patches have been released for versions 7.22.2-12, 7.8.6-207, 7.4.6-272, 7.2.4-138, and 6.4.2-131. As a temporary workaround, an access control list (ACL) can restrict the EVAL and EVALSHA commands. The vulnerability was discovered and reported by cloud security company Wiz on May 16, 2025, and jointly disclosed by Redis and Wiz on October 3, 2025. There is no evidence that it has been exploited in the wild. Wiz recommended enabling Redis authentication and network access controls, and urged organizations to prioritize patching Redis instances exposed to the Internet.
Battering RAM Attack Bypasses Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham have demonstrated a new vulnerability called Battering RAM. This vulnerability bypasses the latest defenses on Intel and AMD cloud processors, compromising Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack leverages a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regions. The vulnerability affects systems using DDR4 memory, particularly those relying on confidential computing workloads in public cloud environments. Successful exploitation can allow a rogue cloud infrastructure provider or insider with limited physical access to compromise remote attestation and enable the insertion of arbitrary backdoors into protected workloads. The vulnerability was reported to the vendors earlier this year, but defending against Battering RAM would require a fundamental redesign of memory encryption itself. The attack is an evolution of the previous BadRAM attack, which exploited physical address aliasing to modify and replay encrypted memory on AMD SEV-SNP systems. The Battering RAM attack introduces dynamic memory aliases at runtime, allowing it to bypass Intel's and AMD's mitigations for BadRAM. Researchers from Georgia Institute of Technology and Purdue University have demonstrated a new attack called WireTap that also bypasses Intel's SGX security guarantees. WireTap uses a DDR4 memory-bus interposer to passively decrypt sensitive data, exploiting Intel's deterministic encryption. The WireTap attack can extract an SGX secret attestation key, allowing an attacker to sign arbitrary SGX enclave reports. WireTap and Battering RAM attacks are complementary, focusing on confidentiality and integrity respectively. WireTap can be used to undermine confidentiality and integrity guarantees in SGX-backed blockchain deployments. 
Intel and AMD have acknowledged the exploits but consider physical attacks on DRAM out of scope for their current products. Intel's cryptographic integrity protection mode of Intel Total Memory Encryption-Multi-Key (Intel TME-MK) can provide additional protection against alias-based attacks. The researchers' exploits demonstrate that confidential computing is not invincible, and defenders should reevaluate threat models to better understand and prepare for physical attacks.
WeepSteel Malware Deployed via Sitecore Zero-Day Exploit
Threat actors have exploited a zero-day vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) to deliver WeepSteel malware. The flaw, tracked as CVE-2025-53690, affects versions up to 9.0 and was exploited using a sample machine key from outdated deployment guides. The attack involved ViewState deserialization, internal reconnaissance, and the deployment of various open-source tools for persistence and lateral movement. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch the vulnerability by September 25, 2025. The vulnerability has a CVSS score of 9.0, indicating critical severity. Sitecore has addressed it and provided mitigation guidance and indicators of compromise (IoCs). The attacks were quickly disrupted, but they highlight the risks of using default or outdated configuration settings in web applications. The WeepSteel malware, a .NET assembly, harvests system, network, and user information, which is then encrypted and exfiltrated to the attackers. The attackers also performed extensive reconnaissance and established multiple methods of persistence, including creating local administrator accounts and using Remote Desktop Protocol (RDP) for access. The flaw is not a bug in ASP.NET itself, but a misconfiguration created by reusing publicly documented keys that were never meant for production. The attackers targeted the '/sitecore/blocked.aspx' endpoint, which contains an unauthenticated ViewState field, and achieved RCE under the IIS NETWORK SERVICE account. The dropped payload, WeepSteel, is a reconnaissance backdoor that gathers system, process, disk, and network information and disguises its exfiltration as standard ViewState responses. The attackers executed reconnaissance commands including whoami, hostname, tasklist, ipconfig /all, and netstat -ano.
They also deployed Earthworm (a network tunneling and reverse SOCKS proxy), Dwagent (a remote access tool), and 7-Zip (for creating archives of stolen data). The attackers escalated privileges by creating local administrator accounts ('asp$', 'sawadmin'), dumping cached credentials, and attempting token impersonation with GoTokenTheft. Persistence was secured by disabling password expiration for these accounts, giving them RDP access, and registering Dwagent as a SYSTEM service. CVE-2025-53690 impacts Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud, up to version 9.0, when deployed using the sample ASP.NET machine key included in pre-2017 documentation. XM Cloud, Content Hub, CDP, Personalize, OrderCloud, Storefront, Send, Discover, Search, and Commerce Server are not impacted. Sitecore published a security bulletin in coordination with Mandiant's report, warning that multi-instance deployments with static machine keys are also at risk. The recommended actions for potentially impacted administrators are to immediately replace all static <machineKey> values in web.config with new, unique keys, and to ensure the <machineKey> element inside web.config is encrypted. Regular rotation of static machine keys is recommended as an ongoing security measure. The exploitation of CVE-2025-53690 is part of a broader trend of ViewState attacks this year, including vulnerabilities in Gladinet's CentreStack, ConnectWise, and Microsoft SharePoint Server.