CVE-2025-0624 - Vulnerability Details

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Openshift Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
grub2-1:2.02-0.87.el7_9.15	cpe:/o:redhat:rhel_els:7	RHSA-2025:3396	2025-03-31T00:00:00Z
Red Hat Enterprise Linux 8
grub2-1:2.02-162.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:3367	2025-03-27T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
grub2-1:2.02-87.el8_2.13	cpe:/o:redhat:rhel_aus:8.2	RHSA-2025:2784	2025-03-13T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
grub2-1:2.02-99.el8_4.12	cpe:/o:redhat:rhel_aus:8.4	RHSA-2025:2655	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
grub2-1:2.02-99.el8_4.12	cpe:/o:redhat:rhel_tus:8.4	RHSA-2025:2655	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
grub2-1:2.02-99.el8_4.12	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2025:2655	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
grub2-1:2.02-123.el8_6.18	cpe:/o:redhat:rhel_aus:8.6	RHSA-2025:2653	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
grub2-1:2.02-123.el8_6.18	cpe:/o:redhat:rhel_tus:8.6	RHSA-2025:2653	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
grub2-1:2.02-123.el8_6.18	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2025:2653	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
grub2-1:2.02-152.el8_8.2	cpe:/o:redhat:rhel_eus:8.8	RHSA-2025:2521	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9
grub2-1:2.06-94.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:2867	2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
grub2-1:2.06-27.el9_0.22	cpe:/o:redhat:rhel_e4s:9.0	RHSA-2025:2799	2025-03-13T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
grub2-1:2.06-61.el9_2.10	cpe:/o:redhat:rhel_eus:9.2	RHSA-2025:2869	2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
grub2-1:2.06-86.el9_4.2	cpe:/o:redhat:rhel_eus:9.4	RHSA-2025:2675	2025-03-12T00:00:00Z
Red Hat OpenShift Container Platform 4.12
rhcos-412.86.202503310142-0	cpe:/a:redhat:openshift:4.12::el8	RHSA-2025:3573	2025-04-10T00:00:00Z
Red Hat OpenShift Container Platform 4.13
rhcos-413.92.202504070146-0	cpe:/a:redhat:openshift:4.13::el9	RHSA-2025:3780	2025-04-17T00:00:00Z
Red Hat OpenShift Container Platform 4.14
rhcos-414.92.202505141057-0	cpe:/a:redhat:openshift:4.14::el9	RHSA-2025:7702	2025-05-21T00:00:00Z
Red Hat OpenShift Container Platform 4.15
rhcos-415.92.202504282058-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2025:4422	2025-05-08T00:00:00Z
Red Hat OpenShift Container Platform 4.16
rhcos-416.94.202503252048-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:3301	2025-04-03T00:00:00Z
Red Hat OpenShift Container Platform 4.17
rhcos-417.94.202503241418-0	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:3297	2025-04-03T00:00:00Z
Red Hat OpenShift Container Platform 4.18
rhcos-418.94.202504021150-0	cpe:/a:redhat:openshift:4.18::el9	RHSA-2025:3577	2025-04-10T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:2521
https://access.redhat.com/errata/RHSA-2025:2653
https://access.redhat.com/errata/RHSA-2025:2655
https://access.redhat.com/errata/RHSA-2025:2675
https://access.redhat.com/errata/RHSA-2025:2784
https://access.redhat.com/errata/RHSA-2025:2799
https://access.redhat.com/errata/RHSA-2025:2867
https://access.redhat.com/errata/RHSA-2025:2869
https://access.redhat.com/errata/RHSA-2025:3297
https://access.redhat.com/errata/RHSA-2025:3301
https://access.redhat.com/errata/RHSA-2025:3367
https://access.redhat.com/errata/RHSA-2025:3396
https://access.redhat.com/errata/RHSA-2025:3573
https://access.redhat.com/errata/RHSA-2025:3577
https://access.redhat.com/errata/RHSA-2025:3780
https://access.redhat.com/errata/RHSA-2025:4422
https://access.redhat.com/errata/RHSA-2025:7702
https://access.redhat.com/security/cve/CVE-2025-0624
https://bugzilla.redhat.com/show_bug.cgi?id=2346112
https://nvd.nist.gov/vuln/detail/CVE-2025-0624
https://security.netapp.com/advisory/ntap-20250516-0006/
https://www.cve.org/CVERecord?id=CVE-2025-0624

History

Wed, 21 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9
References		https://access.redhat.com/errata/RHSA-2025:7702

Wed, 21 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Fri, 16 May 2025 23:45:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20250516-0006/

Fri, 09 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9
References		https://access.redhat.com/errata/RHSA-2025:4422

Thu, 17 Apr 2025 13:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9
References		https://access.redhat.com/errata/RHSA-2025:3780

Thu, 10 Apr 2025 22:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift:4.12::el9
References		https://access.redhat.com/errata/RHSA-2025:3573

Thu, 10 Apr 2025 13:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.18::el9
References		https://access.redhat.com/errata/RHSA-2025:3577

Thu, 03 Apr 2025 10:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:3297

Thu, 03 Apr 2025 00:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.16::el9
References		https://access.redhat.com/errata/RHSA-2025:3301

Mon, 31 Mar 2025 04:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:3396

Fri, 28 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Thu, 27 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:3367

Mon, 17 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:rhel_eus:9.2

Mon, 17 Mar 2025 05:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:9.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:2869

Mon, 17 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:2867

Fri, 14 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.2 cpe:/o:redhat:rhel_e4s:9.0

Thu, 13 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_e4s:9.0::baseos
References		https://access.redhat.com/errata/RHSA-2025:2799

Thu, 13 Mar 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:2784

Thu, 13 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:9.4

Wed, 12 Mar 2025 11:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:9.4::baseos
References		https://access.redhat.com/errata/RHSA-2025:2675

Wed, 12 Mar 2025 07:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_tus:8.4 cpe:/o:redhat:rhel_tus:8.6

Tue, 11 Mar 2025 11:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
References		https://access.redhat.com/errata/RHSA-2025:2653

Tue, 11 Mar 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:2655

Tue, 11 Mar 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_eus:8.8

Mon, 10 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/o:redhat:rhel_eus:8.8::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:2521

Wed, 19 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 19 Feb 2025 18:45:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
Title	grub2: net: Out-of-bounds write in grub_net_search_config_file()	Grub2: net: out-of-bounds write in grub_net_search_config_file()
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-0624 https://bugzilla.redhat.com/show_bug.cgi?id=2346112

Wed, 19 Feb 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		grub2: net: Out-of-bounds write in grub_net_search_config_file()
Weaknesses		CWE-787
References		https://nvd.nist.gov/vuln/detail/CVE-2025-0624 https://www.cve.org/CVERecord?id=CVE-2025-0624
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-02-19T18:23:21.463Z

Updated: 2025-09-25T17:20:54.422Z

Reserved: 2025-01-21T16:49:51.381Z

Link: CVE-2025-0624

Vulnrichment

Updated: 2025-05-16T23:03:03.150Z

NVD

Status : Awaiting Analysis

Published: 2025-02-19T19:15:15.120

Modified: 2025-05-21T15:16:04.547

Link: CVE-2025-0624

Redhat

Severity : Important

Publid Date: 2025-02-18T18:00:00Z

Links: CVE-2025-0624 - Bugzilla

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object