Memory Use After Free Vulnerability in GRUB2 Bootloader from Red Hat
CVE-2025-61664

4.9MEDIUM

Key Information:

Vendor: Gnu
Status: Grub2; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-61664?

A memory Use After Free vulnerability has been discovered in the normal module of the GRUB2 bootloader. This issue arises when the normal_exit command fails to unregister properly once the associated module is unloaded. Consequently, if an attacker invokes this command after the module has been removed, the system may attempt to access a memory location that has already been freed. This can lead to system crashes and poses risks to data confidentiality and integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

grub2 0 <= 2.14

References

https://access.redhat.com/security/cve/CVE-2025-61664

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2414685

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Sep 29, 2025

JSON

Gnu