PT-2025-47380 · Grub+4

Published: 2025-11-18 · Updated: 2026-04-30

CVE-2025-61662

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GRUB (affected versions not specified)

Description: A Use-After-Free issue exists in GRUB's gettext module. It occurs because the gettext command remains registered in memory after its module is unloaded. Exploitation involves invoking the orphaned command, which leads to access of an invalid memory location. This can cause GRUB to crash, resulting in a Denial of Service. Compromise of data integrity or confidentiality is also possible.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2026:4648
ALSA-2026:4649
ALSA-2026:4760
AZL-70520
AZL-70565
BDU:2025-14786
CVE-2025-61662
OESA-2025-2735
OESA-2025-2736
OESA-2025-2737
OESA-2025-2738
OESA-2025-2739
OESA-2026-1071
OPENSUSE-SU-2025:15749-1
OPENSUSE-SU-2025:20163-1
RHSA-2026:4648
RHSA-2026:4649
RHSA-2026:4652
RHSA-2026:4653
RHSA-2026:4654
RHSA-2026:4760
RHSA-2026:4822
RHSA-2026:4823
RHSA-2026:4830
RHSA-2026:4900
RHSA-2026:4998
RHSA-2026:5074
RHSA-2026:5233
SUSE-SU-2025:21062-1
SUSE-SU-2025:21212-1
SUSE-SU-2025:21223-1
SUSE-SU-2025:4143-1
SUSE-SU-2025:4152-1
SUSE-SU-2025:4196-1
SUSE-SU-2025:4197-1
SUSE-SU-2025:4224-1
SUSE-SU-2025:4305-1
SUSE-SU-2026:21621-1

Affected Products

Debian
GRUB
RED OS
Rocky Linux
SUSE