Description

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

INFO

Published Date :

2025-02-19T18:23:21.463Z

Last Modified :

2026-02-26T19:08:48.261Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-0624 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0624.

URL Resource
https://access.redhat.com/errata/RHSA-2025:2521 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2653 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2655 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2675 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2784 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2799 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2867 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2869 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3297 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3301 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3367 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3396 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3573 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3577 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3780 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:4422 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7702 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-0624 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2346112 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-0624 cve-icon
https://security.netapp.com/advisory/ntap-20250516-0006/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-0624 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact