CVE-2025-54771
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-18

Last updated on: 2025-11-18

Assigner: Red Hat, Inc.

Description
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-18
Last Modified
2025-11-18
Generated
2026-05-06
AI Q&A
2025-11-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-54771
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnu grub 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-825 The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free flaw in the GNU GRUB bootloader. It happens because when a file is closed, the process incorrectly keeps a pointer to memory that has already been freed, resulting in an invalid reference to a file system structure. This can be exploited by an attacker to cause the bootloader to crash.


How can this vulnerability impact me? :

Exploiting this vulnerability can cause the GNU GRUB bootloader to crash, leading to a Denial of Service (DoS). There is also a possibility, though not confirmed, that data integrity or confidentiality could be compromised.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart