CVE-2025-61662 - Vulnerability Details

- Grub2: missing unregister call for gettext command may lead to use-after-free

Description

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Published: 2025-11-18

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A use‑after‑free flaw has been identified in GRUB's gettext command handling. The issue arises because the gettext command remains registered in memory after its module is unloaded, allowing an attacker to invoke an orphaned command that accesses freed memory. This leads to a crash of the GRUB boot loader, which can halt the system boot sequence and cause a denial of service. While the attacker does not gain direct read or write access, the crash can disrupt service availability and potentially lead to loss of data integrity if the system is forced to recover from an incomplete boot.

Affected Systems

Affected products include GNU GRUB 2 in general, and several Red Hat distributions. Red Hat Enterprise Linux 10, its Extended Update Support 10.0, the Red Hat Enterprise Linux 7 Extended Lifecycle Support line, RHEL 8 in various update support packages (8, 8.2 AUS, 8.4 AMSC, 8.4 EUS LLA, 8.6 AMSC, 8.6 TuS, 8.8 TuS and 8.8 SAP), RHEL 9 and its EUS and SAP variants (9, 9.0 SAP, 9.2 SAP, 9.4 EUS, 9.6 EUS), and the Red Hat OpenShift Container Platform from version 4.12 to 4.19, which includes the underlying RHEL base. All systems that run the susceptible GRUB2 package are vulnerable.

Risk and Exploitability

The CVSS score of 7.8 classifies the issue as high impact. EPSS indicates a very low probability of exploitation (<1 %), and the vulnerability is not listed in CISA's KEV catalog. The weakness is a use‑after‑free (CWE‑416). Exploitation would require ability to invoke a boot‑time command that references the orphaned gettext entry, typically achievable by manipulating the GRUB configuration or the command line during system boot. A successful exploit would likely provide only denial of service rather than code execution or data disclosure, but it could prevent critical systems from starting.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

GNU

grub2

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.14

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`1:2.12-29.el10_1.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 10.0 Extended Update Support

affected

Version	Status	Constraints
`1:2.12-15.el10_0.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 7 Extended Lifecycle Support

affected

Version	Status	Constraints
`1:2.02-0.87.el7_9.16`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`1:2.02-170.el8_10.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

affected

Version	Status	Constraints
`1:2.02-87.el8_2.14`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`1:2.02-99.el8_4.13`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

affected

Version	Status	Constraints
`1:2.02-99.el8_4.13`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`1:2.02-123.el8_6.19`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

affected

Version	Status	Constraints
`1:2.02-123.el8_6.19`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

affected

Version	Status	Constraints
`1:2.02-123.el8_6.19`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

affected

Version	Status	Constraints
`1:2.02-152.el8_8.3`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

affected

Version	Status	Constraints
`1:2.02-152.el8_8.3`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`1:2.06-114.el9_7.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

affected

Version	Status	Constraints
`1:2.06-27.el9_0.23`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`1:2.06-61.el9_2.11`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

affected

Version	Status	Constraints
`1:2.06-86.el9_4.4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.6 Extended Update Support

affected

Version	Status	Constraints
`1:2.06-105.el9_6.1`	unaffected	< *

Red Hat

Red Hat OpenShift Container Platform 4.12

affected

Version	Status	Constraints
`412.86.202604010116-0`	unaffected	< *

Red Hat

Red Hat OpenShift Container Platform 4.13

affected

Version	Status	Constraints
`413.92.202604080111-0`	unaffected	< *

Red Hat

Red Hat OpenShift Container Platform 4.16

affected

Version	Status	Constraints
`416.94.202604211449-0`	unaffected	< *

Red Hat

Red Hat OpenShift Container Platform 4.18

affected

Version	Status	Constraints
`418.94.202603181125-0`	unaffected	< *

Red Hat

Red Hat OpenShift Container Platform 4.19

affected

Version	Status	Constraints
`4.19.9.6.202604080618-0`	unaffected	< *

Configuration 1 [-]

cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Workaround

There's no known mitigation available for this vulnerability.

OpenCVE Recommended Actions

Install the Red Hat security updates RHSA‑2026:4648 through RHSA‑2026:5233 (or the latest RHSA that addresses the GRUB2 crash) that apply to your distribution and release.
On systems that use the upstream GNU GRUB 2, apply the corresponding patch or package update released by the GRUB developers (see the 2025‑11 openwall discussion).
Reboot the system after updating GRUB to ensure the new module is loaded and the stale command reference has been removed.
Verify boot success by examining the GRUB log and confirming that no crash occurs; if failures persist, disable custom GRUB extensions or commands until a patched version is available.

Generated by OpenCVE AI on April 20, 2026 at 16:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://www.openwall.com/lists/oss-security/2025/11/18/5
https://access.redhat.com/errata/RHSA-2026:10097
https://access.redhat.com/errata/RHSA-2026:4648
https://access.redhat.com/errata/RHSA-2026:4649
https://access.redhat.com/errata/RHSA-2026:4652
https://access.redhat.com/errata/RHSA-2026:4653
https://access.redhat.com/errata/RHSA-2026:4654
https://access.redhat.com/errata/RHSA-2026:4760
https://access.redhat.com/errata/RHSA-2026:4822
https://access.redhat.com/errata/RHSA-2026:4823
https://access.redhat.com/errata/RHSA-2026:4830
https://access.redhat.com/errata/RHSA-2026:4900
https://access.redhat.com/errata/RHSA-2026:4998
https://access.redhat.com/errata/RHSA-2026:5074
https://access.redhat.com/errata/RHSA-2026:5127
https://access.redhat.com/errata/RHSA-2026:5233
https://access.redhat.com/errata/RHSA-2026:6492
https://access.redhat.com/errata/RHSA-2026:7239
https://access.redhat.com/errata/RHSA-2026:7243
https://access.redhat.com/security/cve/CVE-2025-61662
https://bugzilla.redhat.com/show_bug.cgi?id=2414683
https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html
https://nvd.nist.gov/vuln/detail/CVE-2025-61662
https://www.cve.org/CVERecord?id=CVE-2025-61662

History

Thu, 30 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.16::el9
References		https://access.redhat.com/errata/RHSA-2026:10097

Thu, 16 Apr 2026 14:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el9
References		https://access.redhat.com/errata/RHSA-2026:7239

Thu, 16 Apr 2026 11:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.19::el9
References		https://access.redhat.com/errata/RHSA-2026:7243

Thu, 09 Apr 2026 11:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.12::el8
References		https://access.redhat.com/errata/RHSA-2026:6492

Wed, 25 Mar 2026 05:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.18::el9
References		https://access.redhat.com/errata/RHSA-2026:5127

Mon, 23 Mar 2026 03:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2026:5233

Thu, 19 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_e4s:9.0::baseos
References		https://access.redhat.com/errata/RHSA-2026:5074

Wed, 18 Mar 2026 22:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.2::baseos
References		https://access.redhat.com/errata/RHSA-2026:4998

Wed, 18 Mar 2026 09:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_e4s:9.2::baseos
References		https://access.redhat.com/errata/RHSA-2026:4900

Wed, 18 Mar 2026 04:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/o:redhat:rhel_eus:9.6::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2026:4822 https://access.redhat.com/errata/RHSA-2026:4823

Tue, 17 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus Long Life
CPEs		cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products		Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2026:4830

Tue, 17 Mar 2026 17:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2026:4760

Tue, 17 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/o:redhat:enterprise_linux:8::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
References		https://access.redhat.com/errata/RHSA-2026:4648 https://access.redhat.com/errata/RHSA-2026:4653

Mon, 16 Mar 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2026:4654

Mon, 16 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux Eus
CPEs		cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products		Redhat enterprise Linux Eus
References		https://access.redhat.com/errata/RHSA-2026:4652

Mon, 16 Mar 2026 19:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.1
References		https://access.redhat.com/errata/RHSA-2026:4649

Thu, 12 Mar 2026 11:45:00 +0000

Type	Values Removed	Values Added
References		https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html

Wed, 21 Jan 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Thu, 08 Jan 2026 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gnu Gnu grub2
CPEs		cpe:2.3:a:gnu:grub2::::::::
Vendors & Products		Gnu Gnu grub2

Wed, 19 Nov 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-61662 https://www.cve.org/CVERecord?id=CVE-2025-61662
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 18 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/11/18/5

Tue, 18 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 18 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
Description		A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
Title		Grub2: missing unregister call for gettext command may lead to use-after-free
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-61662 https://bugzilla.redhat.com/show_bug.cgi?id=2414683
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}`

Subscriptions

Gnu Grub2

Redhat Enterprise Linux Enterprise Linux Eus Openshift Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-11-18T18:20:48.351Z

Updated: 2026-04-30T13:35:44.987Z

Reserved: 2025-09-29T20:18:48.975Z

Link: CVE-2025-61662

Vulnrichment

Updated: 2025-11-18T22:03:43.738Z

NVD

Status : Modified

Published: 2025-11-18T19:15:50.203

Modified: 2026-04-30T14:16:26.330

Link: CVE-2025-61662

Redhat

Severity : Moderate

Publid Date: 2025-11-18T00:00:00Z

Links: CVE-2025-61662 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T16:30:06Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object