← Voltar para CVEs
CVE-2025-0624
HIGH7.6
Descricao
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
Detalhes CVE
Pontuacao CVSS v3.17.6
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueADJACENT_NETWORK
ComplexidadeHIGH
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado2/19/2025
Ultima modificacao5/21/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-787
Referencias
https://access.redhat.com/errata/RHSA-2025:2521(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:2653(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:2655(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:2675(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:2784(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:2799(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:2867(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:2869(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:3297(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:3301(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:3367(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:3396(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:3573(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:3577(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:3780(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:4422(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2025:7702(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2025-0624(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2346112(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20250516-0006/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.