CVE-2025-61662

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in GRUB's gettext module allows attackers to invoke an orphaned command after module unloading, causing memory access to invalid locations. This can lead to GRUB crashes (denial of service) and potential data integrity/confidentiality compromise. Systems using vulnerable GRUB versions are affected.
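The orphaned-command condition described above, as an added example that is not GRUB's code: a simplified model of a command table in which a module's unload hook either removes its commands or leaves them behind. All names (`register_command`, `unload_module`, `run_command`, `demo`) are hypothetical, and the dispatcher is guarded so the stale entry is reported rather than executed.

```c
/* Simplified model of a bootloader command table; names are hypothetical, not GRUB's API. */
#include <stddef.h>
#include <string.h>

#define MAX_CMDS 8
enum { CMD_NOT_FOUND = -1, CMD_ORPHANED = -2 };

struct module { const char *name; int loaded; };
struct command { const char *name; int (*fn)(void); struct module *owner; };

static struct command table[MAX_CMDS];
static size_t ncmds;

static void register_command(const char *name, int (*fn)(void), struct module *owner) {
    if (ncmds < MAX_CMDS)
        table[ncmds++] = (struct command){ name, fn, owner };
}

/* What a module's unload hook has to do: drop every entry the module owns. */
static void unregister_commands(const struct module *owner) {
    size_t kept = 0;
    for (size_t i = 0; i < ncmds; i++)
        if (table[i].owner != owner)
            table[kept++] = table[i];
    ncmds = kept;
}

static void unload_module(struct module *m, int hook_unregisters) {
    if (hook_unregisters)
        unregister_commands(m);
    m->loaded = 0; /* a real loader frees the module's code and data at this point */
}

/* Guarded dispatch: an unguarded dispatcher would call fn even after the unload. */
static int run_command(const char *name) {
    for (size_t i = 0; i < ncmds; i++)
        if (strcmp(table[i].name, name) == 0)
            return table[i].owner->loaded ? table[i].fn() : CMD_ORPHANED;
    return CMD_NOT_FOUND;
}

static int gettext_cmd(void) { return 0; }
static struct module gettext_mod = { "gettext", 0 };

/* Load, register, unload, then try to invoke the command again. */
static int demo(int hook_unregisters) {
    ncmds = 0;
    gettext_mod.loaded = 1;
    register_command("gettext", gettext_cmd, &gettext_mod);
    unload_module(&gettext_mod, hook_unregisters);
    return run_command("gettext");
}

int main(void) { return demo(1) == CMD_NOT_FOUND ? 0 : 1; }
```

With the unload hook skipping the unregister step, the table still resolves `gettext` to a handler whose module is gone; with the step in place the lookup simply fails.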

💻 Affected Systems

Products:
  • GRUB (GRand Unified Bootloader)
Versions: Specific versions not detailed in CVE; check vendor advisories for affected versions.
Operating Systems: Linux distributions using GRUB, other operating systems using GRUB as the bootloader
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where GRUB's gettext module is loaded and then unloaded during boot process.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system boot failure, potential arbitrary code execution during boot process, data corruption, or unauthorized access to boot environment.

🟠 Likely Case

GRUB crash during boot leading to system boot failure and denial of service, requiring physical or remote console intervention.

🟢 If Mitigated

Limited to GRUB crash during boot with minimal data impact if proper boot security measures are in place.

🌐 Internet-Facing: LOW - GRUB typically runs locally during boot, not exposed to network.
🏢 Internal Only: MEDIUM - Requires local or physical access to exploit during boot process.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to interact with GRUB during boot (physical access or remote console).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor-specific patches (Red Hat, Ubuntu, etc.)

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2025-61662

Restart Required: Yes

Instructions:

1. Check your distribution's security advisory.
2. Update GRUB package via package manager (apt, yum, dnf).
3. Reboot system to apply changes.

🔧 Temporary Workarounds

Disable gettext module (Linux)

Prevent loading of the vulnerable gettext module in the GRUB configuration.

Edit /etc/default/grub and add: GRUB_DISABLE_GETTEXT=true
Run: update-grub (or grub2-mkconfig -o /boot/grub2/grub.cfg)

🧯 If You Can't Patch

  • Restrict physical access to systems to prevent local exploitation during boot
  • Implement secure boot with trusted boot chain to detect unauthorized modifications

🔍 How to Verify

Check if Vulnerable:

Check GRUB version and compare with vendor patched versions: grub-install --version

Check Version:

grub-install --version

Verify Fix Applied:

Verify GRUB package version matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • GRUB boot failures in system logs
  • Kernel panic during boot
  • Unexpected reboots

Network Indicators:

  • None - local exploit only

SIEM Query:

source="boot.log" AND "GRUB" AND ("panic" OR "crash" OR "failure")
