PT-2025-18041 · Unknown · Refindplus
Micromilo · Published 2025-04-28 · Updated 2025-04-28 · CVE-2025-4003
CVSS v4.0: 6.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
RefindPlus versions 0.14.2.AB
Description
A vulnerability was found in RefindPlus, affecting the InternalApfsTranslateBlock function of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to a null pointer dereference. It is possible to launch the attack on the local host.
Recommendations
To fix this issue, apply the patch named 4d35125ca689a255647e9033dd60c257d26df7cb. As a temporary workaround, consider disabling the InternalApfsTranslateBlock function until the patch is applied.
Fix
Improper Resource Release
NULL Pointer Dereference
Related Identifiers
Affected Products
Refindplus