CVE-2025-61662
7.8 HIGH
A Use-After-Free vulnerability has been discovered in GRUB's gettext module
Published: 2025-11-18 · Last updated: 2026-05-20
Severity and scoring
- CVSS: 7.8 HIGH
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-416
Affected products
| Vendor | Product |
|---|---|
| gnu | grub2 |
Description
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. A possible compromise of data integrity or confidentiality cannot be ruled out.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2025-61662
- [Other] https://access.redhat.com/errata/RHSA-2026:10097
- [Other] https://access.redhat.com/errata/RHSA-2026:14773
- [Other] https://access.redhat.com/errata/RHSA-2026:15087
- [Other] https://access.redhat.com/errata/RHSA-2026:17596
- [Other] https://access.redhat.com/errata/RHSA-2026:4648
- [Other] https://access.redhat.com/errata/RHSA-2026:4649
- [Other] https://access.redhat.com/errata/RHSA-2026:4652
- [Other] https://access.redhat.com/errata/RHSA-2026:4653
- [Other] https://access.redhat.com/errata/RHSA-2026:4654
- [Other] https://access.redhat.com/errata/RHSA-2026:4760
- [Other] https://access.redhat.com/errata/RHSA-2026:4822
- [Other] https://access.redhat.com/errata/RHSA-2026:4823
- [Other] https://access.redhat.com/errata/RHSA-2026:4830
- [Other] https://access.redhat.com/errata/RHSA-2026:4900
- [Other] https://access.redhat.com/errata/RHSA-2026:4998
- [Other] https://access.redhat.com/errata/RHSA-2026:5074
- [Other] https://access.redhat.com/errata/RHSA-2026:5127
- [Other] https://access.redhat.com/errata/RHSA-2026:5233
- [Other] https://access.redhat.com/errata/RHSA-2026:6492
- [Other] https://access.redhat.com/errata/RHSA-2026:7239
- [Other] https://access.redhat.com/errata/RHSA-2026:7243
- [Other] https://access.redhat.com/security/cve/CVE-2025-61662
- [Other] https://bugzilla.redhat.com/show_bug.cgi?id=2414683
- [Other] https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html
- [Patch] http://www.openwall.com/lists/oss-security/2025/11/18/5
Related CVEs
Same vendor
- CVE-2026-42009 — A flaw was found in gnutls (7.5 HIGH)
- CVE-2026-42010 — A flaw was found in gnutls (7.1 HIGH)
- CVE-2026-3833 — A flaw was found in gnutls (6.5 MEDIUM)
- CVE-2026-3832 — A flaw was found in gnutls (3.7 LOW)
- CVE-2026-33845 — A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow ... (7.5 HIGH)
Same CWE
- CVE-2026-10640 — Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated th... (4.2 MEDIUM)
- CVE-2026-10639 — In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to ne... (4.8 MEDIUM)
- CVE-2026-10638 — subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data() (5.9 MEDIUM)
- CVE-2026-10637 — subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully (5.9 MEDIUM)
- CVE-2026-10636 — In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_i... (3.7 LOW)