GRUB2: UAF in normal command leads to DoS
CVE-2025-61663 Published on November 18, 2025

Grub2: missing unregister call for normal commands may lead to use-after-free
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.

NVD

Vulnerability Analysis

CVE-2025-61663 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Timeline

Reported to Red Hat.

Made public. 6 days later.

Weakness Type

What is a Dangling pointer Vulnerability?

The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the program to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.

CVE-2025-61663 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2025-61663

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-61663 are published in these products:

Red Hat Enterprise Linux (RHEL)
 
Red Hat Openshift
 
GNU Grub2
 

Affected Versions

GNU grub2: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat OpenShift Container Platform 4:

Exploit Probability

EPSS
0.02%
Percentile
4.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.