Tue, 12 Aug 2025 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | cvssV3_1 | cvssV3_1 |
Thu, 31 Jul 2025 18:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Gnu Gnu grub2 | |
| CPEs | cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:* | |
| Vendors & Products | Gnu Gnu grub2 | |
Sat, 05 Jul 2025 06:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:/o:redhat:enterprise_linux:10 | |
Wed, 05 Mar 2025 21:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References | | |
Tue, 04 Mar 2025 03:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Mon, 03 Mar 2025 14:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Title | grub2: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution | Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution | 
| First Time appeared | Redhat Redhat enterprise Linux Redhat openshift | |
| CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 | |
| Vendors & Products | Redhat Redhat enterprise Linux Redhat openshift | |
| References | | |
Tue, 25 Feb 2025 02:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | No description is available for this CVE. | When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections. | 
Wed, 19 Feb 2025 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | No description is available for this CVE. | |
| Title | grub2: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution | |
| Weaknesses | CWE-120 | |
| References |  | |
| Metrics | threat_severity | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2025-03-03T14:17:32.517Z
Updated: 2025-08-12T13:57:29.290Z
Reserved: 2025-01-23T19:49:12.475Z
Link: CVE-2025-0689
Vulnrichment
Updated: 2025-03-03T15:10:33.471Z
NVD
Status: Modified
Published: 2025-03-03T15:15:16.147
Modified: 2025-08-12T14:15:27.093
Link: CVE-2025-0689
Redhat