Home > Vulnerability Database > CVE-2025-1118

Mend.io Vulnerability Database

CVE-2025-1118

Date: February 19, 2025

A flaw was found in grub2. The grub's dump command is not blocked when grub is in lockdown mode. This allows the user to read any memory information, an attacker may leverage that in order to extract signatures, salts and other sensitive information from the memory.

Severity Score

4.4

Related Resources (6)

Url: https://seclists.org/oss-sec/2025/q1/146

Url: https://access.redhat.com/security/cve/CVE-2025-1118

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-1118

Url: https://access.redhat.com/errata/RHSA-2025:16154

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2346137

Url: https://www.mend.io/vulnerability-database/CVE-2025-1118

Severity Score

4.4

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Trust Boundary Violation

CWE-501

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-1118

Date: February 19, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?