A German research team has uncovered a significant hardware vulnerability affecting a wide range of AMD processors, including newer Zen 5 models. Dubbed StackWarp, this flaw permits attackers with privileged access to a host server to execute malicious code within confidential virtual machines (CVMs), potentially compromising the security assurances offered by AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) technology. The discovery highlights ongoing challenges in securing virtualized environments against sophisticated hardware-level attacks.
Researchers at the CISPA Helmholtz Center for Information Security detailed how StackWarp enables a malicious VM host to manipulate the stack pointer of guest VMs. This manipulation can lead to hijacking of both control and data flow, facilitating remote code execution and privilege escalation within a protected CVM. The vulnerability affects AMD processors from the Zen 1 through Zen 5 generations, impacting a broad spectrum of server and embedded solutions.
StackWarp Vulnerability Undermines AMD SEV-SNP Security
AMD has assigned the vulnerability the identifier CVE-2025-29943 and provided it with a CVSS v4 score of 4.6, classifying it as a medium-severity improper access control bug. According to AMD, an attacker with administrative privileges on a host system could potentially alter the CPU pipeline’s configuration. This alteration can lead to the corruption of the stack pointer within an SEV-SNP guest, thereby undermining its intended isolation.
The affected AMD product lines include the entirety of the EPYC 7003, 8004, 9004, and 9005 series processors, as well as their embedded variants. This broad impact underscores the pervasive nature of the StackWarp vulnerability across AMD’s server-grade silicon.
While AMD’s SEV technology is designed to encrypt the memory of protected VMs, isolating them from the underlying hypervisor, researchers have demonstrated a bypass method. Instead of directly accessing plaintext memory, the StackWarp attack targets a microarchitectural optimization known as the stack engine, which is responsible for accelerating stack operations. This novel approach circumvents traditional memory encryption defenses.
Exploitation Mechanism and Potential Consequences
Researchers explained that the vulnerability can be exploited through an undocumented control bit accessible on the hypervisor side. An attacker running a parallel hyperthread alongside the targeted VM can leverage this bit to manipulate the stack pointer’s position within the protected VM. This enables the redirection of program execution or the alteration of sensitive data, potentially exposing critical secrets from SEV-secured environments.
The implications of StackWarp are significant for cloud environments that run AMD processors. The attack could let adversaries bypass security measures such as OpenSSH password authentication and sudo password prompts by recovering sensitive information, such as an RSA-2048 private key from a single faulty signature. It could also enable kernel-mode code execution within a compromised VM.
In response to the vulnerability, AMD released microcode updates in July and October 2025. Further AGESA patches are scheduled for EPYC Embedded 8004 and 9004 Series Processors, with an anticipated release in April 2026. This staggered release schedule highlights the ongoing efforts to address the security flaw across different product iterations.
This discovery builds upon previous research from CISPA, including the CacheWarp software fault attack (CVE-2023-20592), which also targeted AMD SEV-SNP and allowed for control flow hijacking and privilege escalation within encrypted VMs. Both StackWarp and CacheWarp are classified as hardware architectural attacks, demonstrating the increasing sophistication of threats against even hardware-level security mechanisms.
For operators of SEV-SNP hosts, proactive measures are recommended. CISPA researchers suggest checking for enabled hyperthreading on affected systems and considering a temporary disablement for CVMs that require the highest levels of integrity. Concurrently, applying all available microcode and firmware updates from hardware vendors is crucial. The StackWarp vulnerability serves as another stark reminder that subtle microarchitectural effects can significantly compromise system-level security guarantees.
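A host-side check for the operator steps above (hyperthreading status and loaded microcode), added here as an example and not taken from AMD or CISPA. It assumes a Linux host; the function names, verdict strings and optional root-prefix argument are illustrative, and the microcode revision is only printed because the article gives no fixed revision to compare against.

```shell
#!/bin/sh
# Added example (not AMD's or CISPA's tooling): host facts for StackWarp triage.

# Print the first line of a sysfs file, or "unknown" when it is absent.
read_or_unknown() {
    if [ -r "$1" ]; then head -n 1 "$1"; else echo unknown; fi
}

# Print "vendor family microcode" for the first logical CPU in /proc/cpuinfo.
cpu_ident() {
    if [ ! -r "$1/proc/cpuinfo" ]; then
        echo "unknown unknown unknown"
    else
        awk -F': *' '
            $1 ~ /^vendor_id/  && v == "" { v = $2 }
            $1 ~ /^cpu family/ && f == "" { f = $2 }
            $1 ~ /^microcode/  && m == "" { m = $2 }
            END {
                if (v == "") v = "unknown"
                if (f == "") f = "unknown"
                if (m == "") m = "unknown"
                print v, f, m
            }' "$1/proc/cpuinfo"
    fi
}

# Print a verdict followed by the raw values an operator needs for follow-up.
stackwarp_host_check() (
    root="${1:-}"
    set -- $(cpu_ident "$root")
    vendor=$1 family=$2 ucode=$3
    smt=$(read_or_unknown "$root/sys/devices/system/cpu/smt/control")
    # Assumption: kvm_amd exposes sev_snp (Y/N) on kernels with SNP host support.
    snp=$(read_or_unknown "$root/sys/module/kvm_amd/parameters/sev_snp")
    verdict="not-applicable"
    # Zen 1 through Zen 5 report CPUID family 23, 25 or 26 (0x17, 0x19, 0x1A).
    case "$vendor:$family" in
        AuthenticAMD:23|AuthenticAMD:25|AuthenticAMD:26)
            case "$smt" in
                on) verdict="smt-enabled" ;;
                off|forceoff|notsupported) verdict="smt-disabled" ;;
                *) verdict="smt-unknown" ;;
            esac ;;
    esac
    echo "$verdict snp=$snp smt=$smt family=$family microcode=$ucode"
)

# Check the running host; compare the microcode value with AMD's bulletin.
stackwarp_host_check "${SYSROOT:-}"
```

A verdict of `smt-enabled` together with `snp=Y` marks a host where the hyperthreading recommendation applies; passing a directory as the first argument runs the same check against a copied `/proc` and `/sys` tree.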

