What is CVE-2025-61664?

CVE-2025-61664 is a medium-severity vulnerability in Gnu Grub2, classified under CWE-825. CVSS score: 4.9/10. Published 2025-11-18.

How severe is CVE-2025-61664?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Vulnerability in Gnu Grub2

CVE-2025-61664

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacke…

EPSS: 0.000 (4.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Gnu Grub2 — versions 0
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Openshift Container Platform 4

Weakness classification (CWE)

CWE-825

References

secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
secalert@redhat.com

Frequently asked questions

What is CVE-2025-61664?: CVE-2025-61664 is a medium-severity vulnerability in Gnu Grub2, classified under CWE-825. CVSS score: 4.9/10. Published 2025-11-18.
How severe is CVE-2025-61664?: Medium severity. CVSS v3 base score is 4.9 out of 10.