CVE-2025-61663
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-18
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | grub | 2.06 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-825 | The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free flaw in the `normal` command of the GRUB2 bootloader. It occurs because the `normal` command is not properly unregistered when its module is unloaded. An attacker who can execute this command can cause the system to access invalid memory locations, leading to system instability and potentially causing the system to crash and become unavailable.
How can this vulnerability impact me?
Exploitation of this vulnerability can cause a Denial of Service (DoS): the system becomes unstable and crashes, making it unavailable. There is also a potential impact on data integrity and confidentiality, although this is not confirmed.