Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.6
CVSSv3

CVE-2025-0624

CVSSv4: NA | CVSSv3: 7.6 | CVSSv2: NA | VMScore: 860 | EPSS: 0.01152 | KEV: Not Included
Published: 19/02/2025 Updated: 19/02/2025

Vulnerability Summary

Grub2 Remote Code Execution Vulnerability During Network Boot Process

A vulnerability has been discovered in grub2 during the network boot process. When searching for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. The function does not properly check the environment variable length when allocating the internal buffer, which leads to an out-of-bounds write. If successfully exploited, this vulnerability could enable remote code execution within the same network segment where grub is searching for boot information. This could potentially allow an attacker to bypass secure boot protections.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

red hat red hat enterprise linux 7

red hat red hat enterprise linux 8

red hat red hat enterprise linux 9

red hat red hat openshift container platform 4

Vendor Advisories

Debian CVElist Bug Report Logs: grub2: CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-1118 CVE-2025-1125
Debian Bug report logs - #1098319 grub2: CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-1118 CVE-2025-1125 ...

Mailing Lists

Full Disclosure: GRUB CVE disclosures
listsgnuorg/archive/html/grub-devel/2025-02/msg00024html 1) CVE-2024-45774: reader/jpeg: Heap OOB Write during JPEG parsing 2) CVE-2024-45775: commands/extcmd: Missing check for failed allocation 3) CVE-2024-45776: grub-core/gettext: Integer overflow leads to Heap OO Write and Read 4) CVE-2024-45777: grub-core/ge ...

References

CWE-787https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319https://nvd.nist.govhttps://www.first.org/epsshttps://access.redhat.com/security/cve/CVE-2025-0624https://bugzilla.redhat.com/show_bug.cgi?id=2346112
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
ssl.comCVE-2025-3278CVE-2025-24054brute forcefirewallprivilege escalationCVE-2025-24914qriousladCVE-2025-42599pritunlnamelessmcCVE-2025-3103CVE-2025-43895
Home
/
Search Results
/
CVE-2025-0624
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook