Buffer Overflow Vulnerability in GRUB2 JFS Filesystem Module by Red Hat
CVE-2025-0685

6.4 MEDIUM

Key Information:

Vendor: Gnu
CVE Published: 3 March 2025

What is CVE-2025-0685?

A buffer overflow vulnerability exists in the JFS filesystem module of GRUB2. The module fails to properly validate user-controlled parameters when calculating the internal buffer size, which could trigger an integer overflow. This flaw may allow a maliciously crafted filesystem to cause the grub_jfs_lookup_symlink() function to write beyond the internal buffer limits during the grub_jfs_read_file() operation. The exploitation of this vulnerability can compromise critical internal data of GRUB, potentially enabling arbitrary code execution and bypassing secure boot mechanisms.
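The class of bug described above, shown as an added example that is not GRUB's code: a buffer size derived from an on-disk length wraps around, and a checked version rejects the value instead. The function names, the "length plus one terminator byte" calculation and the MAX_SYMLINK_LEN bound are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy bound on a symlink target; not a GRUB constant. */
#define MAX_SYMLINK_LEN 4096u

/* Unchecked: buffer size = on-disk length + 1 byte for the terminator.
 * The length comes from the filesystem image, so it is attacker-chosen.
 * If it converts to SIZE_MAX, the sum wraps to 0 and the buffer is far
 * smaller than the number of bytes the later read will copy into it. */
static size_t alloc_size_unchecked(uint64_t on_disk_len)
{
    return (size_t)on_disk_len + 1;
}

/* Checked: refuse lengths that would wrap or exceed the policy bound.
 * Returns false and leaves *out untouched when the length is rejected. */
static bool alloc_size_checked(uint64_t on_disk_len, size_t *out)
{
    if (on_disk_len > SIZE_MAX - 1)      /* length + 1 would wrap */
        return false;
    if (on_disk_len > MAX_SYMLINK_LEN)   /* implausible for a symlink */
        return false;
    *out = (size_t)on_disk_len + 1;
    return true;
}

int main(void)
{
    /* Constructed sample lengths: one ordinary, one crafted. */
    uint64_t samples[] = { 10, UINT64_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        bool ok = alloc_size_checked(samples[i], &n);
        printf("len=%llu unchecked=%zu checked=%s\n",
               (unsigned long long)samples[i],
               alloc_size_unchecked(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```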

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
