Main Vulnerability Database Vulnerabilities #VU118667

Use-after-free in grub - CVE-2025-61663

Published: November 21, 2025

Vulnerability identifier: #VU118667

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-61663

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
grub

Detailed vulnerability description

The vulnerability allows an attacker to perform a denial of service attack.

The vulnerability exists due to the normal command is not properly unregistered when the module is unloaded. An attacker with physical access to the system can perform a denial of service attack.

How to mitigate CVE-2025-61663

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://bugzilla.redhat.com/show_bug.cgi?id=2414684

Use-after-free in grub - CVE-2025-61663

Detailed vulnerability description

How to mitigate CVE-2025-61663

Sources

Please verify you're human