CVE-2025-61663

CVSS v3.1

4.9

Medium

Vector

AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions GRUB2 Bootloader (affected versions not specified)

Description A Use-after-Free issue exists in the GRUB2 bootloader’s normal command. The flaw occurs because the normal command is not properly unregistered when the module is unloaded. An attacker executing this command can cause the system to access invalid memory locations, leading to system instability and a potential Denial of Service (DoS). This could result in a complete system crash and halt system availability. The potential impact on data integrity and confidentiality is also considered possible.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-825

Related Identifiers

AZL-70523

AZL-70577

BDU:2025-14787

CVE-2025-61663

OESA-2025-2735

OESA-2025-2736

OESA-2025-2737

OESA-2025-2738

OESA-2025-2739

OESA-2026-1071

OPENSUSE-SU-2025:15749-1

OPENSUSE-SU-2025:20163-1

SUSE-SU-2025:21062-1

SUSE-SU-2025:21212-1

SUSE-SU-2025:21223-1

SUSE-SU-2025:4143-1

SUSE-SU-2025:4152-1

SUSE-SU-2025:4196-1

SUSE-SU-2025:4197-1

SUSE-SU-2025:4224-1

SUSE-SU-2025:4305-1

Affected Products

Debian

Grub2 Bootloader

Red Os

Suse

CVE-2025-61663

Weakness Enumeration

Related Identifiers

Affected Products

References · 86