CVE-2025-4002

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4002

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4002.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4002

Published

2025-04-28T05:15:18Z

Modified

2025-10-22T16:09:54.501748Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/refindplusrepo/refindplus

Affected ranges

Type: GIT
Repo: https://github.com/refindplusrepo/refindplus
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d2143a1e2deefddd9b105fb7160763c4f8d47ea2

Affected versions

v0.*

v0.12.0.AA

v0.12.0.AB

v0.12.0.AN

v0.12.0.AQ

v0.12.0.C

v0.12.0.D

v0.12.0.E

v0.12.0.F

v0.12.0.G

v0.12.0.H

v0.12.0.J

v0.12.0.K

v0.12.0.L

v0.12.0.M

v0.13.1.AA

v0.13.1.AB

v0.13.2.AA

v0.13.2.AB

v0.13.2.AC

v0.13.2.AD

v0.13.2.AE

v0.13.2.AF

v0.13.2.AG

v0.13.2.AH

v0.13.2.AJ

v0.13.2.AK

v0.13.2.AL

v0.13.2.AM

v0.13.2.AN

v0.13.2.AP

v0.13.3.AA

v0.13.3.AB

v0.13.3.AC

v0.13.3.AD

v0.14.0.AA

v0.14.0.AB

v0.14.0.AC

v0.14.1.AA

v0.14.2.AA

v0.14.2.AB

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/refindplusrepo/refindplus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2",
        "target": {
            "function": "GetDebugLogFile",
            "file": "Library/MemLogLib/BootLog.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2025-4002-72a4832e",
        "digest": {
            "length": 623.0,
            "function_hash": "329880505637215782182931889380913516842"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/refindplusrepo/refindplus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2",
        "target": {
            "file": "Library/MemLogLib/BootLog.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2025-4002-fbb0b0ae",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "191921237139586538236307394299950485894",
                "84210818516765533741133200819114377089",
                "127263316154263755031786260639975186863",
                "148862171365641641891914714875277448587",
                "91402055683624337001456373463015599966",
                "334287097222878907213810807709816207479",
                "189041496169917525893429877194637249709",
                "300426660898589698659240634375435260026",
                "28599016512008765235353853924541528336",
                "88702490114482450609164787348443581262",
                "297371870804072000769745160484342925270"
            ]
        },
        "signature_type": "Line"
    }
]