Use-After-Free Vulnerability in GRUB2 Affecting Red Hat Products
CVE-2025-0622

6.4MEDIUM

Key Information:

Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 7
Vendor
CVE Published:
18 February 2025

What is CVE-2025-0622?

A flaw has been identified in the GRUB2 bootloader's command/gpg functionality. When modules are unloaded, any hooks they created may not be removed properly. This can lead to a use-after-free condition, which, if successfully exploited, may allow an attacker to execute arbitrary code. This capability can potentially enable the attacker to bypass secure boot safeguards, thereby undermining system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2025:16154
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:6990
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-0622
vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.