CVE-2025-0624

HIGH

Red Hat Enterprise Linux 7 Extended Lifecycle Support - Out-of-bounds Write in grub2 Network Boot Configuration

Title source: llm
STIX 2.1

Description

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

References (20)

Core 20
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2521
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2653
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2655
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2675
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2784
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2799
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2867
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2869
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3297
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3301
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3367
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3396
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3573
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3577
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3780
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4422
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7702
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-0624
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2346112

Scores

CVSS v3 7.6
EPSS 0.0068
EPSS Percentile 71.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (22)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 1:2.02-0.87.el7_9.15
Red Hat/Red Hat Enterprise Linux 8 1:2.02-162.el8_10
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 1:2.02-87.el8_2.13
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 1:2.02-99.el8_4.12
Red Hat/Red Hat Enterprise Linux 8.4 Telecommunications Update Service 1:2.02-99.el8_4.12
Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions 1:2.02-99.el8_4.12
Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 1:2.02-123.el8_6.18
Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 1:2.02-123.el8_6.18
Red Hat/Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 1:2.02-123.el8_6.18
... and 12 more
Published Feb 19, 2025
Tracked Since Feb 18, 2026