If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.
The attack, dubbed VMSCAPE (CVE-2025-40300), is said to be the first Spectre-based exploit that allows a malicious guest user in a cloud environment to leak secrets from the hypervisor in the host domain without code changes (such as injected return-oriented programming gadgets) and in the default configuration.
The technique is described in a paper [PDF] published on Thursday, "VMSCAPE: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments," by Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi.