RMPocalypse Vulnerability Enables Full Compromise of AMD SEV-SNP Encrypted Virtual Machines

A critical vulnerability, identified as CVE-2025-0033 and dubbed RMPocalypse, has been discovered in AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) technology. This flaw allows attackers to bypass the core security guarantees of SEV-SNP, which is designed to protect the confidentiality and integrity of virtual machines (VMs) even in hostile environments. Researchers from ETH Zürich revealed that the vulnerability stems from incomplete protections in the initialization of the Reverse Map Paging (RMP) table, a key data structure that stores security metadata for all DRAM pages in the system. The RMP table, which maps system physical addresses to guest physical addresses, is only partially protected during VM startup, creating a window of opportunity for exploitation. By performing a single, carefully crafted 8-byte memory write to the RMP table, an attacker can corrupt its contents, undermining the isolation between VMs and the hypervisor. This attack vector enables adversaries with sufficient access to bypass SEV-SNP's hardware-enforced boundaries, potentially gaining full control over encrypted VMs. The implications are severe: attackers could access sensitive data, activate hidden debug functions, forge attestation checks, and even perform replay attacks by restoring previous VM states. AMD has acknowledged the issue and released firmware updates to address the vulnerability, urging customers to apply the patches promptly. The flaw highlights a fundamental challenge in confidential computing, where the security of the underlying mechanisms is as critical as the protections they provide. The vulnerability is particularly concerning for cloud service providers and enterprises relying on SEV-SNP for secure multi-tenant environments. Security experts recommend immediate patching and a review of VM isolation strategies in light of this disclosure. The RMPocalypse flaw demonstrates that even advanced hardware-based security features can be undermined by subtle implementation oversights. The research underscores the importance of rigorous security validation for all components involved in confidential computing. Organizations are advised to monitor for further advisories from AMD and to assess the potential exposure of their virtualized workloads. The incident serves as a reminder that attackers continue to seek and exploit weaknesses in foundational security technologies. The public disclosure of RMPocalypse has prompted renewed scrutiny of hardware-assisted virtualization security. The vulnerability's exploitation requires a high level of technical skill but poses a significant risk to environments where SEV-SNP is deployed. AMD's response includes not only patches but also updated guidance for secure deployment of SEV-SNP-enabled systems. The security community is closely watching for any signs of exploitation in the wild following the release of technical details. This event is expected to influence future designs of confidential computing architectures across the industry.