Home

Description

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

PUBLISHED Reserved 2025-09-29 | Published 2025-11-18 | Updated 2025-11-19 | Assigner redhat




MEDIUM: 4.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2025-11-12:Reported to Red Hat.
2025-11-18:Made public.

References

www.openwall.com/lists/oss-security/2025/11/18/5

access.redhat.com/security/cve/CVE-2025-61662 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2414683 (RHBZ#2414683) issue-tracking

cve.org (CVE-2025-61662)

nvd.nist.gov (CVE-2025-61662)

Download JSON