Home > Vulnerability Database > CVE-2025-0624

Mend.io Vulnerability Database

CVE-2025-0624

Date: February 19, 2025

A flaw was found in grub2. During the network boot process when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using grub_strcpy() function. During this step it fails to consider the environment variable length when allocating the internal buffer, resulting in a out-of-bounds write. If correctly exploited this issue may result in remote code execution through the same network segment the grub is searching for the boot information, which can be used to by-pass secure boot protections.

Severity Score

7.6

Related Resources (23)

Url: https://seclists.org/oss-sec/2025/q1/146

Url: https://access.redhat.com/errata/RHSA-2025:2869

Url: https://security.netapp.com/advisory/ntap-20250516-0006/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2346112

Url: https://access.redhat.com/errata/RHSA-2025:2867

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-0624

Url: https://access.redhat.com/errata/RHSA-2025:2799

Url: https://access.redhat.com/errata/RHSA-2025:2655

Url: https://access.redhat.com/errata/RHSA-2025:2784

Url: https://access.redhat.com/errata/RHSA-2025:3367

Url: https://access.redhat.com/errata/RHSA-2025:3301

Url: https://access.redhat.com/errata/RHSA-2025:2521

Url: https://access.redhat.com/errata/RHSA-2025:2653

Url: https://access.redhat.com/errata/RHSA-2025:2675

Url: https://access.redhat.com/errata/RHSA-2025:3577

Url: https://access.redhat.com/errata/RHSA-2025:4422

Url: https://access.redhat.com/errata/RHSA-2025:7702

Url: https://access.redhat.com/errata/RHSA-2025:3396

Url: https://access.redhat.com/errata/RHSA-2025:3297

Url: https://access.redhat.com/errata/RHSA-2025:3573

Url: https://access.redhat.com/errata/RHSA-2025:3780

Url: https://access.redhat.com/security/cve/CVE-2025-0624

Url: https://www.mend.io/vulnerability-database/CVE-2025-0624

Severity Score

7.6

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-0624

Date: February 19, 2025

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?