Home > Vulnerability Database > CVE-2025-61662

Mend.io Vulnerability Database

CVE-2025-61662

Good to know:

Date: November 18, 2025

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Severity Score

4.9

Related Resources (5)

Url: https://access.redhat.com/security/cve/CVE-2025-61662

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61662

Url: http://www.openwall.com/lists/oss-security/2025/11/18/5

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2414683

Url: https://www.mend.io/vulnerability-database/CVE-2025-61662

Severity Score

4.9

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61662

Good to know:

Date: November 18, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?