A recently discovered vulnerability known as StackWarp has raised the alarm. Second, it jeopardizes the security of AMD’s SEV-SNP (Secure Encrypted Virtualization – Secure Nested Paging) environments. AMD has acknowledged one medium-severity bug, tracked as CVE-2025-29943. An attacker with administrative access might be able to change CPU pipeline settings, representing a threat of major security vulnerabilities in virtual machines (VMs) residing on AMD-powered cloud infrastructures.
StackWarp has been assigned a CVSS v4 score of 4.6. This makes it one of the highest risks for entities leveraging SEV-SNP technology. This will allow remote attackers to achieve arbitrary memory corruption of stack pointers in SEV-SNP guests. Each of these guests is purpose-built to protect sensitive data in evermore common virtualized environments.
Details of the Vulnerability
Inadequate access control is the root cause of the StackWarp flaw and highlights how these esoteric microarchitectural phenomena can still threaten security at the system level. A motivated adversary can use this novel attack to read sensitive and secret information from within SEV-secured environments. They can even retroactively recover RSA-2048 private keys from only a single bad signature. This kind of exploit would circumvent OpenSSH password authentication as well as the sudo password prompt, posing serious implications for data integrity.
“This enables hijacking of both control and data flow, allowing an attacker to achieve remote code execution and privilege escalation inside a confidential VM.” – Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz
This attack vector thus represents a significant threat to companies that trust AMD’s processors with their cloud services. It might paralyze their operations and lead to unauthorized access to their most sensitive data.
Implications for Users
In response to the vulnerability, StackWarp, AMD released microcode updates to mitigate the exploit in July and October 2025. Organizations with EPYC Embedded 8004 and 9004 Series Processors in use will need to bide their time. They have to wait until April 2026 for the AGESA patches that will address and help protect against this threat.
Zhang wants operator of SEV-SNP hosts to take proactive measures. Before anything, he recommends that organizations take a look at their systems to see if hyperthreading is enabled. If yes, then they should plan to disable it on a per-VM basis (and temporarily!) for very special, confidential VMs that possess the highest integrity vigour.
“For operators of SEV-SNP hosts, there are concrete steps to take: First, check whether hyperthreading is enabled on the affected systems. If it is, plan a temporary disablement for CVMs that have particularly high integrity requirements,” – Zhang
Recommendations Moving Forward
Because the ramifications of StackWarp reach far beyond wonky technical details, it is imperative for the community and civil society organizations to stay alert. The ability to run kernel-mode code execution within a VM opens up a dangerous attack vector. This dangerous threat in the wild would affect all sectors that rely on the cloud.
In order to safeguard against such vulnerabilities, organizations need to take added layers of defense. They should establish strong monitoring programs to identify suspicious activity. Experts such as Zhang advise a number of proactive measures to reduce risks stemming from the StackWarp vulnerability. By adhering to these best practices, developers will help ensure airtight protection of sensitive data in SEV-secured environments.
