CVE-2025-61662

Severity: HIGH (CVSS 3.1 base score 7.8)
Published: 2025-11-18 by [email protected]

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd) - patch available
CVE Published: Nov 18, 2025 - 19:15 (nvd)

Description

A use-after-free vulnerability has been discovered in GRUB's gettext module. The flaw stems from a programming error: the gettext command remains registered after its module is unloaded. An attacker can trigger the condition by invoking the orphaned command, causing GRUB to access a memory location that is no longer valid. This can crash GRUB, leading to a denial of service; a compromise of data integrity or confidentiality cannot be ruled out.

Analysis

A use-after-free vulnerability exists in GRUB's gettext module where the gettext command remains registered after module unloading, allowing attackers with local access and low privileges to trigger memory corruption. Successful exploitation can lead to denial of service through GRUB crashes and potentially compromise system confidentiality and integrity. With an EPSS score of only 0.01%, real-world exploitation is currently unlikely, and patches are available from Red Hat and other vendors.

Technical Context

The vulnerability affects GNU GRUB2 bootloader (cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*) in its gettext internationalization module, which handles language translation functionality. The root cause is a classic use-after-free condition (CWE-416) where the gettext command registration persists in memory after the containing module is unloaded, creating a dangling pointer. When the orphaned command is subsequently invoked, GRUB attempts to execute code from freed memory regions, resulting in unpredictable behavior ranging from crashes to potential arbitrary code execution within the bootloader context.
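To make the defect concrete, here is an added, self-contained C model (not GRUB's code) of a command registry with loadable modules: the vulnerable module fini omits the unregister call, so the command entry outlives its module, while the fixed fini removes it first. The registry, module and function names are assumptions for illustration only, and the owner check in run_command stands in for the crash a real use-after-free would cause.

```c
/* Added model (not GRUB's source) of a command registry with loadable modules.
 * Bug pattern behind CVE-2025-61662: a module registers a command at load time
 * but never unregisters it at unload time, leaving a dangling registry entry. */
#include <string.h>
#define MAX_CMDS 8
#define NO_SUCH_COMMAND  (-1)
#define ORPHANED_COMMAND (-2)   /* handler belongs to an unloaded module */
typedef int (*cmd_func)(int argc, char **argv);
struct module  { const char *name; int loaded; };
struct command { const char *name; cmd_func func; struct module *owner; };
static struct command registry[MAX_CMDS];

static void register_command(const char *name, cmd_func f, struct module *m) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (!registry[i].name) { registry[i] = (struct command){name, f, m}; return; }
}
static void unregister_command(const char *name) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (registry[i].name && !strcmp(registry[i].name, name)) registry[i].name = NULL;
}
/* Dispatch; the owner check stands in for the crash a real use-after-free causes. */
int run_command(const char *name, int argc, char **argv) {
    for (int i = 0; i < MAX_CMDS; i++) {
        if (!registry[i].name || strcmp(registry[i].name, name)) continue;
        if (!registry[i].owner->loaded) return ORPHANED_COMMAND;
        return registry[i].func(argc, argv);
    }
    return NO_SUCH_COMMAND;
}
/* A stand-in "gettext" module; init is identical in both variants below. */
static struct module gettext_mod = { "gettext", 0 };
static int gettext_cmd(int argc, char **argv) { (void)argv; return argc; }
static void gettext_init(void) {
    gettext_mod.loaded = 1;
    register_command("gettext", gettext_cmd, &gettext_mod);
}
/* Vulnerable fini: module memory is released, but the registry entry stays. */
static void gettext_fini_vulnerable(void) { gettext_mod.loaded = 0; }
/* Fixed fini: unregister the command before the module goes away. */
static void gettext_fini_fixed(void) { unregister_command("gettext"); gettext_mod.loaded = 0; }

/* Load, unload with the given fini, then invoke "gettext" as a script would. */
int invoke_after_unload(void (*fini)(void)) {
    gettext_init();
    fini();
    int rc = run_command("gettext", 1, NULL);
    unregister_command("gettext");   /* reset the registry for repeated calls */
    return rc;
}
```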

Affected Products

The affected GNU GRUB2 versions are identified only by the wildcard CPE cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*; specific version ranges are given in Red Hat Bugzilla entry 2414683 and in the vendor advisories. Red Hat has issued multiple security advisories (RHSA-2026:4648 through RHSA-2026:4830) covering various Red Hat Enterprise Linux versions. The vulnerability was reported by the Red Hat security team ([email protected]) and discussed on the GRUB development mailing list.

Remediation

Apply vendor-supplied patches immediately, with Red Hat patches available through multiple RHSA advisories (RHSA-2026:4648, RHSA-2026:4649, RHSA-2026:4652, RHSA-2026:4653, RHSA-2026:4654, RHSA-2026:4760, RHSA-2026:4830). The patch is also available from the upstream GRUB project as referenced in the oss-security mailing list. Until patching is complete, limit local access to trusted users only and monitor for unusual GRUB module loading/unloading activities. Organizations should prioritize patching based on the criticality of affected systems and existing access controls.

Priority Score

39 (KEV: 0, EPSS: +0.0, CVSS: +39, POC: 0)

Vendor Status
