AMD’s latest security advisory exposes a software‑only flaw that lets a malicious hypervisor hijack the Infinity Fabric and subvert SEV‑SNP. By altering firmware‑controlled routing, attackers can misdirect memory writes from the secure co‑processor, leaving the RMP in an unsafe default state. The attack, dubbed Fabricked, shows that even hardened CPUs can be broken without hardware access.

The vulnerability hinges on the fact that AMD’s chiplet design relies on dynamic configuration during boot, which the UEFI supplies. An attacker can skip critical API calls, keeping the fabric openly reconfigurable even after SEV‑SNP activation. When the PSP writes its RMP, the corrupted routing drops those writes.

AMD confirmed the flaw on Zen 5 EPYC CPUs and issued patch notes for Zen 3 and Zen 4, marking the issue as CVE‑2025‑54510. The fix tightens firmware checks, preventing the fabric from being reconfigured post‑boot. Cloud providers must install the update to restore the isolation guarantees that SEV‑SNP promised.

Because the attack requires only firmware and hypervisor privileges, it operates entirely in software and achieves 100 % success. Unlike other hardware exploits, Fabricked does not need physical access or guest code execution. The incident underscores the need for tighter firmware isolation in confidential‑compute platforms and may prompt a redesign of the Infinity Fabric.