PT-2025-7459 · Grub2+9 · Grub2+9

Published

2025-02-18

·

Updated

2025-10-17

·

CVE-2025-0624

CVSS v3.1

7.6

High

VectorAV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions grub2 (affected versions not specified)
Description A flaw was found in grub2 during the network boot process. When trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub strcpy() function. It fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to bypass secure boot protections.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2025:2867
ALSA-2025:3367
ALT-PU-2025-5587
ALT-PU-2025-6088
AZL-56997
AZL-57049
BDU:2025-02685
CESA-2025_3367
CVE-2025-0624
INFSA-2025_2867
INFSA-2025_3367
OESA-2025-1216
OESA-2025-1217
OESA-2025-1218
OESA-2025-1232
OESA-2025-1233
OPENSUSE-SU-2025:14822-1
OPENSUSE-SU-2025_0586-1
OPENSUSE-SU-2025_0587-1
OPENSUSE-SU-2025_0588-1
OPENSUSE-SU-2025_0607-1
RHSA-2025:2521
RHSA-2025:2653
RHSA-2025:2655
RHSA-2025:2675
RHSA-2025:2784
RHSA-2025:2799
RHSA-2025:2867
RHSA-2025:2869
RHSA-2025:3367
RHSA-2025:3396
RHSA-2025_2867
RHSA-2025_3367
SUSE-SU-2025:01961-1
SUSE-SU-2025:0586-1
SUSE-SU-2025:0587-1
SUSE-SU-2025:0588-1
SUSE-SU-2025:0607-1
SUSE-SU-2025:0629-1
SUSE-SU-2025:20511-1
SUSE-SU-2025:20863-1
SUSE-SU-2025_0586-1
SUSE-SU-2025_0587-1
SUSE-SU-2025_0588-1
SUSE-SU-2025_0607-1
SUSE-SU-2025_0629-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Red Hat
Red Os
Rocky Linux
Suse
Grub2