Denial of Service Vulnerability in GRUB2 Bootloader by Red Hat
CVE-2025-61663

4.9 MEDIUM

What is CVE-2025-61663?

A critical vulnerability exists in the GRUB2 bootloader's normal command functionality, leading to a potential Denial of Service (DoS) condition. The issue is a Use-after-Free flaw: the normal command is not properly unregistered when its associated module is unloaded, so the command registration keeps referencing memory that has already been released. An attacker capable of executing this command can trigger accesses to that freed memory, resulting in system instability. Such exploitation may lead to complete system crashes, severely affecting availability, and potentially compromising data integrity and confidentiality.
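To make the root cause concrete, the following toy command registry is an added illustration written for this page, not GRUB's own code; the names (register_command, unload_buggy, unload_fixed, run_scenario) are hypothetical. It shows why a module's unload path must unregister every command it registered: otherwise the registry keeps a pointer into released memory. To stay within defined behaviour, release is simulated with a flag rather than free().

```c
/* Toy model of the CVE-2025-61663 pattern (hypothetical code, not GRUB's). */
#include <string.h>

#define MAX_CMDS 8
#define RC_OK 0
#define RC_NOT_FOUND -1
#define RC_DANGLING -2   /* registration points at released memory (use-after-free) */

struct module {
    const char *name;
    int released;            /* 1 once the module's memory has been "freed" (simulated) */
    int (*handler)(void);
};

struct cmd_entry { const char *cmd; struct module *owner; };
static struct cmd_entry registry[MAX_CMDS];

static int normal_handler(void) { return RC_OK; }

/* Register: the registry stores a pointer into the owning module's memory. */
static int register_command(const char *cmd, struct module *m) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (!registry[i].cmd) { registry[i].cmd = cmd; registry[i].owner = m; return RC_OK; }
    return RC_NOT_FOUND;
}

static void unregister_command(const char *cmd) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (registry[i].cmd && strcmp(registry[i].cmd, cmd) == 0) registry[i].cmd = NULL;
}

/* Dispatch: what the shell does when the command is typed. */
static int dispatch(const char *cmd) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (registry[i].cmd && strcmp(registry[i].cmd, cmd) == 0) {
            if (registry[i].owner->released) return RC_DANGLING; /* real code would crash here */
            return registry[i].owner->handler();
        }
    return RC_NOT_FOUND;
}

/* Buggy unload: releases the module but leaves its registration behind. */
static void unload_buggy(struct module *m) { m->released = 1; }

/* Fixed unload: unregister the command first, then release the module. */
static void unload_fixed(struct module *m, const char *cmd) { unregister_command(cmd); m->released = 1; }

/* Runs register -> unload -> dispatch and returns the dispatch result. */
int run_scenario(int fixed) {
    memset(registry, 0, sizeof registry);
    struct module normal_mod = { "normal", 0, normal_handler };
    register_command("normal", &normal_mod);
    if (fixed) unload_fixed(&normal_mod, "normal"); else unload_buggy(&normal_mod);
    return dispatch("normal");
}
```

With the buggy unload the dispatcher reaches a released module (RC_DANGLING, a crash in real firmware); with the fixed unload the command is simply unknown (RC_NOT_FOUND), which is the safe outcome.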

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
