AMD fixes “RMPocalypse” (CVE-2025-0033): race condition threatens SEV‑SNP memory isolation

CyberSecureFox 🦊

AMD has released patches for “RMPocalypse” (CVE-2025-0033), a vulnerability that can undermine the confidentiality and integrity guarantees of Secure Encrypted Virtualization with Secure Nested Paging (SEV‑SNP). Discovered by ETH Zurich researchers, the attack exploits a race condition during early platform initialization to obtain a single targeted write to the Reverse Map Table (RMP), the central data structure that tracks ownership and security metadata for every DRAM page under SEV‑SNP.

What is RMPocalypse and how it affects AMD SEV‑SNP

SEV‑SNP is AMD’s hardware-based confidential computing technology that encrypts and isolates guest virtual machine (VM) memory so that even a privileged hypervisor cannot silently read or tamper with guest state. The model relies on hardware enforcement of page ownership and security attributes: the processor consults the RMP on nested page-table walks and on every write to a guest-assigned page, and faults when the access does not match what the RMP records.

Reverse Map Table (RMP): the linchpin of memory isolation

The RMP is a single system-wide table in DRAM with one entry per physical page. Each entry is indexed by system physical address (sPA) and records whether the page is assigned to a guest, which guest (ASID) owns it, the guest physical address (gPA) at which it may be mapped, and attributes such as page size, validated and immutable. Its location is configured through x86 MSRs, it is enforced by hardware, initialized by the Platform Security Processor (PSP, also called ASP), and changed on the hypervisor’s behalf only through hardware-checked instructions (such as RMPUPDATE) and PSP commands. For SEV‑SNP, the correctness of the RMP, and the guarantee that only hardware and firmware can alter it, are foundational to memory integrity and isolation.

Root cause: race during RMP initialization

According to AMD’s advisory, CVE-2025-0033 is a race condition that occurs while the PSP initializes the RMP. The ETH Zurich team demonstrated that, for a brief early-boot window, the RMP is not yet protected against writes from the hypervisor, so an attacker controlling the hypervisor can make a single targeted modification to the table before the protection takes effect. That write violates the assumption that the initial RMP entries are set once by firmware and never altered by untrusted software, and it undermines the integrity checks SEV‑SNP performs at VM launch, allowing deviations from the intended page protections.

Plausible attack paths and real-world exposure

With a controlled RMP change at initialization, a malicious hypervisor could interfere with an isolated VM’s execution environment. Potential outcomes include enabling hidden or debug modes, forging attestation measurements, replay attacks on protected memory, or injecting code into the VM despite encryption. In multi-tenant clouds, this can translate into exposure of secrets and sensitive workloads. Notably, the attack requires hypervisor control and a narrow timing window, which is reflected in AMD’s CVSS 5.9 (Medium) rating; that score should not be read as low impact for confidential computing customers, since a malicious hypervisor is exactly the adversary SEV‑SNP is meant to defend against.

Risk assessment, affected platforms, and vendor fixes

AMD assigned the identifier CVE-2025-0033 and states that a malicious hypervisor could alter the RMP during initialization, causing loss of SEV‑SNP guest memory integrity. AMD has issued platform and firmware updates—covering PSP/AGESA and CPU microcode—to close the race window and harden RMP handling. Customers should review the vendor’s affected processor list and apply OEM updates.

Ecosystem partners have acknowledged exposure. Microsoft reports that Azure Confidential Computing clusters using AMD SEV‑SNP are affected and that mitigations are being deployed across regions. Supermicro indicates that BIOS updates are required for impacted motherboard models. As with other confidential computing issues, timely coordination between CPU microcode, platform firmware, and hypervisor software is critical to restore end‑to‑end guarantees.

Mitigation guidance and hardening checklist

– Apply OEM BIOS/UEFI updates that bundle the latest PSP/AGESA and CPU microcode. Verify successful installation via inventory tooling and attestation logs.
– Update the hypervisor and VM management stack to consume new platform protections and reduce early initialization interference opportunities.
– Strengthen attestation workflows: pin expected launch measurements, require that the firmware versions carried in each attestation report (REPORTED_TCB and COMMITTED_TCB) meet the patched minimum for the platform, continuously re-verify attestation results, and alert on anomalies or policy drift.
– Minimize trust in the host: adopt least privilege for virtualization administrators, segment critical confidential workloads, and prefer dedicated or isolated hosts when feasible.
– Institutionalize vulnerability management: asset inventory, CVE prioritization (including CVE-2025-0033), scheduled maintenance windows, and automated compliance checks.
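One concrete form of the attestation check in the list above, added here as an example that is not from the article, from the ETH Zurich researchers, or from AMD’s own tooling: a minimal parser for the SEV‑SNP ATTESTATION_REPORT structure (field offsets as published in AMD’s SEV‑SNP firmware ABI specification) and a relying-party policy that rejects a report whose reported or committed TCB is below a minimum, whose guest policy allows DEBUG, or whose REPORT_DATA does not carry the verifier’s nonce. The values in MIN_TCB_EXAMPLE and the sample report are constructed placeholders; the real post-fix SNP firmware version for a given processor must be taken from AMD’s advisory, and signature verification against the VCEK/ASK/ARK chain is assumed to happen before any of these fields are trusted.

```python
"""SEV-SNP attestation report parser and relying-party TCB policy check.

Added example, not code from the article or from AMD. Field offsets follow
the ATTESTATION_REPORT and TCB_VERSION layouts in AMD's SEV-SNP firmware ABI
specification. MIN_TCB_EXAMPLE and the sample report are constructed
placeholders: take the real post-fix SNP firmware version for your CPU from
AMD's advisory. Signature verification (VCEK -> ASK -> ARK) is assumed to be
done by the caller before any field here is trusted.
"""
import struct

REPORT_SIZE = 0x4A0                      # 1184 bytes incl. 512-byte signature
SIG_ALGO_ECDSA_P384_SHA384 = 1           # the algorithm defined for SNP reports
POLICY_DEBUG = 1 << 19                   # guest policy bit: debugging allowed
POLICY_BASE = 0x30000                    # SMT allowed + reserved bit 17 (must be 1)

# Placeholder minimum (per-component SVN); NOT the real fixed versions.
MIN_TCB_EXAMPLE = {"boot_loader": 10, "tee": 0, "snp": 24, "microcode": 0x40}


def decode_tcb(raw):
    """Split a 64-bit TCB_VERSION into its per-component SVNs."""
    return {"boot_loader": raw & 0xFF, "tee": (raw >> 8) & 0xFF,
            "snp": (raw >> 48) & 0xFF, "microcode": (raw >> 56) & 0xFF}


def encode_tcb(boot_loader, tee, snp, microcode):
    """Inverse of decode_tcb; used only to build constructed sample reports."""
    return boot_loader | (tee << 8) | (snp << 48) | (microcode << 56)


def parse_report(buf):
    """Extract the fields a relying party needs from a raw attestation report."""
    if len(buf) != REPORT_SIZE:
        raise ValueError(f"attestation report must be {REPORT_SIZE} bytes")
    version, guest_svn, policy = struct.unpack_from("<IIQ", buf, 0x000)
    vmpl, sig_algo, current_tcb = struct.unpack_from("<IIQ", buf, 0x030)
    (reported_tcb,) = struct.unpack_from("<Q", buf, 0x180)
    (committed_tcb,) = struct.unpack_from("<Q", buf, 0x1E0)
    (launch_tcb,) = struct.unpack_from("<Q", buf, 0x1F0)
    return {
        "version": version, "guest_svn": guest_svn, "policy": policy,
        "vmpl": vmpl, "sig_algo": sig_algo,
        "report_data": bytes(buf[0x050:0x090]),        # 64 bytes, caller's nonce
        "measurement": bytes(buf[0x090:0x0C0]).hex(),  # 48-byte launch digest
        "chip_id": bytes(buf[0x1A0:0x1E0]).hex(),
        "current_tcb": decode_tcb(current_tcb),        # firmware actually running
        "reported_tcb": decode_tcb(reported_tcb),      # TCB the VCEK signs for
        "committed_tcb": decode_tcb(committed_tcb),    # anti-rollback floor
        "launch_tcb": decode_tcb(launch_tcb),
        "signature": bytes(buf[0x2A0:0x4A0]),
    }


def check_report(report, min_tcb, expected_measurement, nonce):
    """Return the list of policy violations; an empty list means accept."""
    problems = []
    if report["sig_algo"] != SIG_ALGO_ECDSA_P384_SHA384:
        problems.append("unexpected signature algorithm")
    if report["vmpl"] != 0:
        problems.append("report was not requested at VMPL0")
    if report["policy"] & POLICY_DEBUG:
        problems.append("guest policy allows DEBUG")
    if report["measurement"] != expected_measurement:
        problems.append("launch measurement does not match the expected image")
    if report["report_data"][:len(nonce)] != nonce:
        problems.append("REPORT_DATA does not carry our nonce (stale or replayed report)")
    # The hypervisor may lower REPORTED_TCB but never raise it above CURRENT_TCB,
    # so the signed REPORTED_TCB is the authoritative floor for what is running;
    # COMMITTED_TCB additionally rules out a later firmware rollback.
    for field in ("reported_tcb", "committed_tcb"):
        for comp, floor in min_tcb.items():
            have = report[field][comp]
            if have < floor:
                problems.append(f"{field}.{comp}={have} is below minimum {floor}")
    return problems


def make_sample_report(reported_tcb, committed_tcb, policy, measurement_hex, nonce):
    """Constructed, unsigned sample report for offline testing (not real data)."""
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<IIQ", buf, 0x000, 2, 0, policy)
    struct.pack_into("<IIQ", buf, 0x030, 0, SIG_ALGO_ECDSA_P384_SHA384, reported_tcb)
    buf[0x050:0x050 + len(nonce)] = nonce
    buf[0x090:0x0C0] = bytes.fromhex(measurement_hex)
    struct.pack_into("<Q", buf, 0x180, reported_tcb)
    struct.pack_into("<Q", buf, 0x1E0, committed_tcb)
    struct.pack_into("<Q", buf, 0x1F0, committed_tcb)
    return bytes(buf)


if __name__ == "__main__":
    meas, nonce = "ab" * 48, b"\x11" * 32
    patched = encode_tcb(10, 0, 24, 0x40)   # placeholder "fixed" firmware
    stale = encode_tcb(10, 0, 20, 0x40)     # placeholder pre-fix firmware
    for label, tcb in (("patched", patched), ("stale", stale)):
        rep = parse_report(make_sample_report(tcb, tcb, POLICY_BASE, meas, nonce))
        print(label, check_report(rep, MIN_TCB_EXAMPLE, meas, nonce) or "OK")
```

The policy checks both REPORTED_TCB and COMMITTED_TCB rather than CURRENT_TCB: the VCEK that signs the report is bound to the reported TCB, so it is the only value a verifier can trust to be at least what is running, and the committed value is what stops a host from quietly rolling firmware back after an audit. Wire the minimum into whatever your attestation service (or a cloud provider’s verifier) accepts as a policy input instead of leaving it as a constant in code.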

RMPocalypse underscores a core lesson of confidential computing: strong memory encryption is not enough if auxiliary metadata structures are exposed during initialization. Organizations running SEV‑SNP should promptly deploy AMD and OEM updates, validate attestation baselines, and reassess threat models for sensitive workloads. Closing this early‑boot gap quickly is essential to preserve the isolation, integrity, and confidentiality that underpin trusted execution in modern cloud environments.
