CVE-2025-4002

5.5 MEDIUM

📋 TL;DR

This vulnerability in RefindPlus 0.14.2.AB allows local attackers to trigger a null pointer dereference in the GetDebugLogFile function, potentially causing the bootloader to crash. Only systems using the vulnerable version of RefindPlus bootloader are affected. The attack requires local access to the system.

💻 Affected Systems

Products:
  • RefindPlus
Versions: 0.14.2.AB
Operating Systems: Any OS using RefindPlus bootloader
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with RefindPlus installed as bootloader; requires local attacker access.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

System fails to boot properly, requiring physical intervention or recovery media to restore functionality.

🟠 Likely Case

Boot process interruption or system instability during boot, potentially requiring reboot or manual recovery.

🟢 If Mitigated

Minimal impact with proper access controls preventing unauthorized local access.

🌐 Internet-Facing: LOW - Attack requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers with physical or console access could disrupt boot process.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of triggering the null pointer dereference; no public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit d2143a1e2deefddd9b105fb7160763c4f8d47ea2

Vendor Advisory: https://github.com/RefindPlusRepo/RefindPlus/issues/204

Restart Required: Yes

Instructions:

1. Update RefindPlus to a version containing commit d2143a1e2deefddd9b105fb7160763c4f8d47ea2
2. Rebuild bootloader if needed
3. Reboot system to apply changes

🔧 Temporary Workarounds

Restrict physical access (applies to: all)

Prevent unauthorized local access to systems using RefindPlus

Disable debug logging (applies to: all)

If possible, disable debug logging features in RefindPlus configuration

🧯 If You Can't Patch

  • Implement strict physical security controls to prevent unauthorized local access
  • Consider alternative bootloaders if RefindPlus is not essential

🔍 How to Verify

Check if Vulnerable:

Check RefindPlus version: grep -i 'version' /boot/efi/EFI/refind/refind.conf (or a similar location)

Check Version:

Check refind.conf or bootloader files for version information

Verify Fix Applied:

Verify RefindPlus has been updated to a version containing commit d2143a1e2deefddd9b105fb7160763c4f8d47ea2

📡 Detection & Monitoring

Log Indicators:

  • Boot failures
  • RefindPlus crash logs
  • System boot interruption events

Network Indicators:

  • None - local attack only

SIEM Query:

Search for boot failure events or RefindPlus-related crash logs in system logs
