Google-Intel Security Audit Reveals Severe TDX Vulnerability Allowing Full Compromise

In a blog post published on Tuesday, Googlehighlighted CVE-2025-30513, which allowed an untrusted operator to fully compromise TDX’s security guarantees.“Specifically, CVE-2025-30513 is capable of converting a migratable TD to a debuggable TD during the migration process. A host can exploit a Time-of-Check to Time-of-Use vulnerability to change the TD’s attributes from migratable to debug as its immutable state is being imported,” Google’s researchers explained.“Once triggered the entire decrypted TD state is accessible from the host. At this point a malicious host could construct another TD with the decrypted state or perform live monitoring activities. Because a migration can occur at any point during the TD lifecycle, this attack can be performed after a TD has completed attestation, ensuring secret material is present in its state,” they added.An 85-pagetechnical reportdescribing the findings has been released by Google. Intel has published ablog postproviding a high-level description of the research project.Related:Intel, AMD Processors Affected by PCIe VulnerabilitiesRelated:New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEsRelated:WireTap Attack Breaks Intel SGX Security

“Specifically, CVE-2025-30513 is capable of converting a migratable TD to a debuggable TD during the migration process. A host can exploit a Time-of-Check to Time-of-Use vulnerability to change the TD’s attributes from migratable to debug as its immutable state is being imported,” Google’s researchers explained.“Once triggered the entire decrypted TD state is accessible from the host. At this point a malicious host could construct another TD with the decrypted state or perform live monitoring activities. Because a migration can occur at any point during the TD lifecycle, this attack can be performed after a TD has completed attestation, ensuring secret material is present in its state,” they added.An 85-pagetechnical reportdescribing the findings has been released by Google. Intel has published ablog postproviding a high-level description of the research project.Related:Intel, AMD Processors Affected by PCIe VulnerabilitiesRelated:New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEsRelated:WireTap Attack Breaks Intel SGX Security

“Once triggered the entire decrypted TD state is accessible from the host. At this point a malicious host could construct another TD with the decrypted state or perform live monitoring activities. Because a migration can occur at any point during the TD lifecycle, this attack can be performed after a TD has completed attestation, ensuring secret material is present in its state,” they added.An 85-pagetechnical reportdescribing the findings has been released by Google. Intel has published ablog postproviding a high-level description of the research project.Related:Intel, AMD Processors Affected by PCIe VulnerabilitiesRelated:New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEsRelated:WireTap Attack Breaks Intel SGX Security

An 85-pagetechnical reportdescribing the findings has been released by Google. Intel has published ablog postproviding a high-level description of the research project.Related:Intel, AMD Processors Affected by PCIe VulnerabilitiesRelated:New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEsRelated:WireTap Attack Breaks Intel SGX Security

Related:Intel, AMD Processors Affected by PCIe VulnerabilitiesRelated:New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEsRelated:WireTap Attack Breaks Intel SGX Security

Related:New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEsRelated:WireTap Attack Breaks Intel SGX Security

Related:WireTap Attack Breaks Intel SGX Security

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise.

SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.

Source: SecurityWeek