CVE Catalog

CVE-2025-61664

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A Use After Free vulnerability has been identified in the GRUB2 bootloader's normal module. The flaw occurs because the normal_exit command is not properly unregistered when its module is unloaded. An attacker can invoke the command after module removal, causing access to freed memory.

Risk Assessment

The risk includes system crashes and potential loss of data confidentiality and integrity. An attacker could exploit this to destabilize the system or gain unauthorized access.

Recommendation

Immediately update GRUB2 to the latest patched version. Also restrict physical access to the system to mitigate local attacks.

Original NVD description (English source)

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS