CVE-2025-4002
- Source
- https://cve.org/CVERecord?id=CVE-2025-4002
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4002.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-4002
- Published
- 2025-04-28T05:15:18.057Z
- Modified
- 2025-12-15T03:58:34.171108Z
- Severity
-
- 6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.
- References
-
- https://vuldb.com/?ctiid.306338
- https://vuldb.com/?id.306338
- https://vuldb.com/?submit.558122
- https://github.com/RefindPlusRepo/RefindPlus/issues/204
- https://github.com/RefindPlusRepo/RefindPlus/issues/204#issuecomment-2696817643
- https://github.com/RefindPlusRepo/RefindPlus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2
Affected packages
Git / github.com/refindplusrepo/refindplus
Affected ranges
- Type
- GIT
- Repo
- https://github.com/refindplusrepo/refindplus
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.12.0.AA
v0.12.0.AB
v0.12.0.AN
v0.12.0.AQ
v0.12.0.C
v0.12.0.D
v0.12.0.E
v0.12.0.F
v0.12.0.G
v0.12.0.H
v0.12.0.J
v0.12.0.K
v0.12.0.L
v0.12.0.M
v0.13.1.AA
v0.13.1.AB
v0.13.2.AA
v0.13.2.AB
v0.13.2.AC
v0.13.2.AD
v0.13.2.AE
v0.13.2.AF
v0.13.2.AG
v0.13.2.AH
v0.13.2.AJ
v0.13.2.AK
v0.13.2.AL
v0.13.2.AM
v0.13.2.AN
v0.13.2.AP
v0.13.3.AA
v0.13.3.AB
v0.13.3.AC
v0.13.3.AD
v0.14.0.AA
v0.14.0.AB
v0.14.0.AC
v0.14.1.AA
v0.14.2.AA
v0.14.2.AB
Database specific
vanir_signatures
[
{
"id": "CVE-2025-4002-72a4832e",
"signature_version": "v1",
"digest": {
"function_hash": "329880505637215782182931889380913516842",
"length": 623.0
},
"deprecated": false,
"source": "https://github.com/refindplusrepo/refindplus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2",
"signature_type": "Function",
"target": {
"file": "Library/MemLogLib/BootLog.c",
"function": "GetDebugLogFile"
}
},
{
"id": "CVE-2025-4002-fbb0b0ae",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"191921237139586538236307394299950485894",
"84210818516765533741133200819114377089",
"127263316154263755031786260639975186863",
"148862171365641641891914714875277448587",
"91402055683624337001456373463015599966",
"334287097222878907213810807709816207479",
"189041496169917525893429877194637249709",
"300426660898589698659240634375435260026",
"28599016512008765235353853924541528336",
"88702490114482450609164787348443581262",
"297371870804072000769745160484342925270"
]
},
"deprecated": false,
"source": "https://github.com/refindplusrepo/refindplus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2",
"signature_type": "Line",
"target": {
"file": "Library/MemLogLib/BootLog.c"
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4002.json"