GRUB2 Normal Module UAF Can Crash or Leak Data
CVE-2025-61664 Published on November 18, 2025

Grub2: missing unregister call for normal_exit command may lead to use-after-free
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.

NVD

Vulnerability Analysis

CVE-2025-61664 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Timeline

Reported to Red Hat.

Made public. 6 days later.

Weakness Type

What is a Dangling pointer Vulnerability?

The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid. When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the program to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.

CVE-2025-61664 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2025-61664

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-61664 are published in these products:

Red Hat Enterprise Linux (RHEL)
 
Red Hat Openshift
 
GNU Grub2
 

Affected Versions

GNU grub2: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat OpenShift Container Platform 4:

Exploit Probability

EPSS
0.02%
Percentile
4.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.