CVE-2025-54771

CWE-825
7 documents, 7 sources
Severity
4.9MEDIUM
EPSS
0.0%
top 91.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Nov 18

Description

A use-after-free vulnerability has been identified in GNU GRUB (the Grand Unified Bootloader). The flaw occurs because the file-closing routine incorrectly retains a pointer after the file is closed, leaving a dangling reference to a file system structure. An attacker could exploit this vulnerability to crash GRUB, causing a Denial of Service. A compromise of data integrity or confidentiality cannot be ruled out.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.4 | Impact: 3.4

Affected Packages (1 package)

CVEListV5: gnu/grub2 2.14

Vulnerability Details

3 entries
CVEList
Grub2: use-after-free in grub_file_close() (2025-11-18)
GHSA
GHSA-5rr4-3f6q-m7hp: A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader) (2025-11-18)
OSV
CVE-2025-54771: A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader) (2025-11-18)

Vendor Advisories

3 entries
Red Hat
grub2: Use-after-free in grub_file_close() (2025-11-18)
Microsoft
Grub2: use-after-free in grub_file_close() (2025-11-11)
Debian
CVE-2025-54771: grub2 - A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unifie... (2025)