Memory Use After Free Vulnerability in GRUB2 Bootloader from Red Hat
CVE-2025-61664

4.9 MEDIUM

What is CVE-2025-61664?

A use-after-free vulnerability has been discovered in the normal module of the GRUB2 bootloader. The issue arises because the normal_exit command is not properly unregistered when its module is unloaded. Consequently, if an attacker invokes this command after the module has been removed, the system may attempt to access a memory location that has already been freed. This can lead to system crashes and poses risks to data confidentiality and integrity.
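
The lifecycle bug described above, modelled as an added example (not GRUB source code and not part of the original advisory): a command table keeps a handler registered by a module, and the unload path either forgets or remembers to remove it. The struct layout, function names and return codes are assumptions made for illustration; only the command name normal_exit comes from the advisory.

```c
#include <string.h>
/* Toy model constructed for illustration; not GRUB source code. */
typedef int (*cmd_fn)(void);
struct module  { const char *name; int loaded; };
struct command { const char *name; cmd_fn fn; struct module *owner; int used; };
#define MAX_CMDS 8
static struct command table[MAX_CMDS];

static void cmd_register(const char *name, cmd_fn fn, struct module *owner) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (!table[i].used) { table[i] = (struct command){ name, fn, owner, 1 }; return; }
}

/* Buggy unload: the module goes away, its command entry stays behind. */
static void unload_buggy(struct module *m) { m->loaded = 0; }

/* Fixed unload: remove every command the module owns before releasing it. */
static void unload_fixed(struct module *m) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (table[i].used && table[i].owner == m)
            table[i].used = 0;
    m->loaded = 0;
}

/* Returns the handler's result, -1 for an unknown command, or -2 for a stale
   entry. The -2 branch marks where real code would call into freed memory. */
static int cmd_dispatch(const char *name) {
    for (int i = 0; i < MAX_CMDS; i++)
        if (table[i].used && strcmp(table[i].name, name) == 0)
            return table[i].owner->loaded ? table[i].fn() : -2;
    return -1;
}

static int exit_handler(void) { return 0; }

/* Load, unload, then invoke the command again; reports what dispatch sees. */
static int run_scenario(int use_fixed_unload) {
    static struct module normal;        /* static: never actually freed here */
    memset(table, 0, sizeof table);
    normal = (struct module){ "normal", 1 };
    cmd_register("normal_exit", exit_handler, &normal);
    if (cmd_dispatch("normal_exit") != 0) return -3;  /* works while loaded */
    if (use_fixed_unload) unload_fixed(&normal); else unload_buggy(&normal);
    return cmd_dispatch("normal_exit");
}

int main(void) { return (run_scenario(0) == -2 && run_scenario(1) == -1) ? 0 : 1; }
```

With the buggy unload the dispatcher still finds the stale entry (-2); with the fixed unload the command is simply unknown (-1).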

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
