PT-2025-47376 · Grub2+3

Published 2025-11-18 · Updated 2026-05-19 · CVE-2025-54770

CVSS v3.1

4.9 Medium

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

GRUB2 (affected versions not specified)

Description

A flaw exists in the GRUB2 bootloader’s network module that can lead to a Denial of Service (DoS). It is a Use-after-Free issue: the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who executes this command afterwards can trigger access to invalid memory locations, causing system instability and a potential crash.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
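The unload flaw described above, as an added example that is not GRUB's code or part of the original entry: a constructed command registry in which a module's unload routine leaves one command registered, next to the corrected unload, an audit that counts stale entries, and a dispatcher that refuses them. Every function and struct name is hypothetical, and `net_other` is a constructed second command.

```c
/* Constructed model; every function and struct name is hypothetical, not GRUB's API. */
#include <string.h>

#define MAX_CMDS 8
struct module  { int loaded; };
struct command { const char *name; struct module *owner; int (*fn)(void); };
static struct command registry[MAX_CMDS];
static int handler(void) { return 0; }  /* stands in for code inside the module */

static void register_cmd(const char *name, struct module *m) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (!registry[i].name) { registry[i] = (struct command){ name, m, handler }; return; }
}
static void unregister_cmd(const char *name) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (registry[i].name && strcmp(registry[i].name, name) == 0)
            registry[i] = (struct command){ 0 };
}
static void mod_init(struct module *m) {
    m->loaded = 1;
    register_cmd("net_other", m);      /* constructed second command */
    register_cmd("net_set_vlan", m);
}
/* Unload. fixed=0 reproduces the flaw: net_set_vlan stays registered. */
static void mod_fini(struct module *m, int fixed) {
    unregister_cmd("net_other");
    if (fixed) unregister_cmd("net_set_vlan");
    m->loaded = 0;
}
/* Audit: registry entries whose owning module is no longer loaded. */
static int stale_commands(void) {
    int n = 0;
    for (int i = 0; i < MAX_CMDS; i++)
        if (registry[i].name && !registry[i].owner->loaded) n++;
    return n;
}
/* Guarded dispatch: -1 unknown, -2 stale entry refused, else handler result. */
static int run_cmd(const char *name) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (registry[i].name && strcmp(registry[i].name, name) == 0)
            return registry[i].owner->loaded ? registry[i].fn() : -2;
    return -1;
}
int main(void) {
    struct module net = { 0 };
    mod_init(&net); mod_fini(&net, 0);
    return stale_commands();   /* exit status 1: one stale entry after flawed unload */
}
```

In the model the owner record outlives the module, which is what lets the audit and the guard run safely; the corrected unload is the actual remedy, the guard only limits the damage of a missed unregistration.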

DoS

Weakness Enumeration

Related Identifiers

BDU:2025-14789
CVE-2025-54770
OESA-2025-2735
OESA-2025-2736
OESA-2025-2737
OPENSUSE-SU-2025:15749-1
OPENSUSE-SU-2025:20163-1
SUSE-SU-2025:21062-1
SUSE-SU-2025:21212-1
SUSE-SU-2025:21223-1
SUSE-SU-2025:4196-1
SUSE-SU-2025:4305-1
SUSE-SU-2025_4196-1
SUSE-SU-2025_4305-1

Affected Products

Debian
Grub2
Red Os
Suse