CVE-2025-61662

Source
https://cve.org/CVERecord?id=CVE-2025-61662
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61662.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-61662
Downstream
Related
Published
2025-11-18T18:20:48.351Z
Modified
2026-07-15T01:49:02.841538349Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Grub2: missing unregister call for gettext command may lead to use-after-free
Details

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61662.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / https.git.savannah.gnu.org/git/grub.git/

Affected ranges

Type
GIT
Repo
https://https.git.savannah.gnu.org/git/grub.git/
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d38d6a1a9b79427848976f53d474392cd29c2a71
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.14"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

1.*
1.98
1.99
2.*
2.00
2.02
2.02-beta3
2.02-rc1
2.02-rc2
grub-2.*
grub-2.02
grub-2.02-beta1
grub-2.02-beta2
grub-2.02-beta3
grub-2.02-rc1
grub-2.02-rc2
grub-2.04
grub-2.04-rc1
grub-2.06
grub-2.06-rc1
grub-2.06-rc1a
grub-2.12
grub-2.12-rc1
grub-2.14
grub-2.14-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61662.json"