Researchers have discovered a flaw in AMD processors that can break the isolation mechanism of confidential virtual machines.
Scientists from the German CISPA Helmholtz Center for Information Security identified a vulnerability named StackWarp (CVE-2025-29943) in AMD Zen CPUs.
SEV-SNP
The flaw lies in systems that use SEV-SNP (Secure Encrypted Virtualization – Secure Nested Paging). This is a technology that should protect virtual machines from the hypervisor. In combination with Simultaneous Multithreading (SMT), an attacker with access to the host server can manipulate or read sensitive data from guest machines.
According to the researchers, the attack can lead to the theft of cryptographic keys, bypassing OpenSSH authentication, and privilege escalation. The vulnerability exploits a flaw in the CPU stack engine, which serves to handle stack operations more efficiently.
Patch available, risk remains
AMD was informed in July 2025 and has now released patches. In a security advisory, the company assigns a low risk to the problem. However, the impact can be significant in specific cloud scenarios, writes The Register.
Cloud providers use SEV-SNP to offer confidential virtual machines. According to the researchers, hardware isolation in shared environments remains vulnerable. AMD advises companies using AMD-based virtual infrastructure to install the updates and patches as soon as possible. It also doesn’t hurt to critically evaluate SMT settings.