Skip to main content

CVE-2025-4382

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2025-05-09 secalert@redhat.com
5.9
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
5.9 MEDIUM
AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
SUSE
MEDIUM
qualitative
Red Hat
5.9 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Patch released
Apr 06, 2026 - 08:30 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:41 vuln.today
CVE Published
May 09, 2025 - 12:15 nvd
MEDIUM 5.9

DescriptionCVE.org

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.

AnalysisAI

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:15.7.20.5.1 Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Azure Image SLES15-SP7-SAP-Azure-3P Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-BYOS-Azure Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAP-Hardened-Azure Image SLES15-SP7-SAP-Hardened-BYOS-Azure Image SLES15-SP7-SAP-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Hardened-GCE Image SLES15-SP7-SAPCAL-Azure Image SLES15-SP7-SAPCAL-GCE Affected
Container suse/manager/5.0/x86_64/server:5.0.4.7.24.1 Affected
Container suse/multi-linux-manager/5.1/x86_64/server:5.1.0.6.40 Image server-image Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.30 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.40 Affected

Share

CVE-2025-4382 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy