Denial of Service Vulnerability in GRUB Component by Red Hat
CVE-2025-61661

4.8 MEDIUM

What is CVE-2025-61661?

A vulnerability in GRUB (Grand Unified Bootloader) allows local attackers to exploit improper string conversion during USB device interactions. The flaw can be triggered by connecting a maliciously configured USB device while the system is booting. Exploitation may crash the bootloader, resulting in a denial of service. Although there is potential for data corruption, the exploit's complexity typically limits the impact.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
