The RMPocalypse Vulnerability Compromises AMD SEV-SNP Security

AMD has released patches for a critical vulnerability known as RMPocalypse, which undermines the security of Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) — the company’s flagship confidential computing technology.

Discovery and Technical Details

Researchers from the Swiss Federal Institute of Technology Zurich (ETH Zurich) discovered that the flaw enables attackers to perform a single unauthorized write to the Reverse Map Paging (RMP) table — a data structure that stores security metadata for all DRAM pages in a system.

According to AMD’s documentation, the RMP table resides in DRAM and maps system physical addresses (sPA) to guest physical addresses (gPA).
There is only one such table per system, configured through x86 model-specific registers (MSR). It also contains per-page security attributes managed by the hypervisor through hardware and firmware mechanisms.

Initialization of the RMP is handled by the Platform Security Processor (PSP), a critical component supporting SEV-SNP.
The RMPocalypse vulnerability exploits a memory management flaw during this initialization phase, allowing an attacker to bypass SEV-SNP protections designed to ensure the integrity and confidentiality of virtualized environments.

Root Cause and Exploitation

The researchers explain that the core weakness lies in insufficient protection of the protection mechanism itself — the RMP table is not fully safeguarded when a virtual machine starts, leaving it exposed to corruption.

“This vulnerability allows a remote attacker to bypass individual protection features and manipulate the virtual machine environment, which is supposed to be securely isolated,” the experts said.
“It can be used to activate hidden features (e.g., debug mode), forge security attestations, perform replay attacks, and even inject third-party code.”

Successful exploitation enables an attacker to interfere arbitrarily with confidential virtual machines and extract sensitive data.

AMD’s Assessment and Impact

AMD assigned the identifier CVE-2025-0033 to this vulnerability and rated it 5.9 (Medium) on the CVSS scale.
The company describes the issue as a race condition occurring during RMP initialization by the AMD Secure Processor (ASP/PSP). This timing flaw allows a malicious hypervisor to modify RMP contents mid-initialization, compromising memory integrity for SEV-SNP guests.

Affected Processors

The vulnerability impacts the following AMD EPYC processor families:

  • EPYC 7003 Series
  • EPYC 8004 Series
  • EPYC 9004 Series
  • EPYC 9005 Series
  • EPYC Embedded 7003 (patch scheduled for November 2025)
  • EPYC Embedded 8004
  • EPYC Embedded 9004
  • EPYC Embedded 9005 (patch scheduled for November 2025)
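
For fleet triage against the list above, the following added example (not code from AMD, the researchers, or this article) classifies a Linux host from its `/proc/cpuinfo` text. It assumes the EPYC naming convention in which the first and last characters of the model number identify the series, and that the kernel exposes SNP capability as the `sev_snp` CPU flag; the sample host data is constructed.

```python
import re

# Family -> note, copied from the affected-processor list on this page.
AFFECTED = {
    "EPYC 7003": "affected",
    "EPYC 8004": "affected",
    "EPYC 9004": "affected",
    "EPYC 9005": "affected",
    "EPYC Embedded 7003": "affected, patch scheduled for November 2025",
    "EPYC Embedded 8004": "affected",
    "EPYC Embedded 9004": "affected",
    "EPYC Embedded 9005": "affected, patch scheduled for November 2025",
}

# Assumption: series = first and last character of the 4-character model
# number (7763 -> 7003, 72F3 -> 7003, 9654 -> 9004, 7742 -> 7002).
MODEL_RE = re.compile(r"EPYC (Embedded )?(\d)[0-9A-Z]{2}(\d)")

def family_of(model_name):
    """Map a CPU brand string to its EPYC family name, or None."""
    m = MODEL_RE.search(model_name)
    if not m:
        return None
    return f"EPYC {m.group(1) or ''}{m.group(2)}00{m.group(3)}"

def triage(cpuinfo_text):
    """Build a CVE-2025-0033 triage record from /proc/cpuinfo text."""
    model = re.search(r"^model name\s*:\s*(.+)$", cpuinfo_text, re.M)
    flags = re.search(r"^flags\s*:\s*(.+)$", cpuinfo_text, re.M)
    name = model.group(1).strip() if model else ""
    family = family_of(name)
    snp = bool(flags) and "sev_snp" in flags.group(1).split()
    note = AFFECTED.get(family)
    if note is None:
        action = "family not in the list on this page"
    elif snp:
        action = "SNP-capable and listed: schedule firmware/BIOS update"
    else:
        action = "listed, no sev_snp flag: confirm SNP setting, then update"
    return {"model": name, "family": family, "sev_snp": snp,
            "note": note, "action": action}

# Constructed sample inputs (not taken from real hosts).
HOST_A = "model name\t: AMD EPYC 9654 96-Core Processor\nflags\t\t: fpu sev sev_es sev_snp\n"
HOST_B = "model name\t: AMD EPYC Embedded 7543 32-Core Processor\nflags\t\t: fpu sev\n"
HOST_C = "model name\t: AMD EPYC 7742 64-Core Processor\nflags\t\t: fpu sev\n"

if __name__ == "__main__":
    for host in (HOST_A, HOST_B, HOST_C):
        print(triage(host))
```
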

Vendor Responses

Both Microsoft and Supermicro have confirmed the presence of CVE-2025-0033 in their products.
Microsoft reports ongoing mitigation efforts for AMD-based Azure Confidential Computing (ACC) clusters, while Supermicro has stated that BIOS updates will be required for certain affected motherboard models.