CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0690: Grub2: read: integer overflow may lead to out-of-bounds write

Description

The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.

Classification

CVE ID: CVE-2025-0690

Problem Types

Out-of-bounds Write

Affected Products

Vendor: Red Hat, Red Hat, Red Hat, Red Hat

Product: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 17.32% (scored less or equal to compared to others)

EPSS Date: 2025-03-25 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0690
https://access.redhat.com/security/cve/CVE-2025-0690
https://bugzilla.redhat.com/show_bug.cgi?id=2346123

Timeline

2025-02-24 08:40:13 UTC
CVE

Grub2: read: integer overflow may lead to out-of-bounds write