CVE-2025-61662

7.8 HIGH

Published: November 18, 2025 Modified: April 16, 2026

Description

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2026:4648

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4649

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4652

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4653

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4654

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4760

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4822

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4823

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4830

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4900

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:4998

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:5074

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:5127

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:5233

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:6492

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:7239

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:7243

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-61662

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2414683

Source: secalert@redhat.com

Issue Tracking Third Party Advisory

https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2025/11/18/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

21 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.8 / 10.0

EPSS (Exploit Probability)

0.0%

2th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-416

Affected Vendors

gnu

Related CVEs

CVE-2026-41044 N/A

CVE-2026-41043 N/A

CVE-2026-40466 N/A

CVE-2025-62233 N/A

CVE-2026-6272 N/A