CVE-2025-4002
MEDIUMRefindPlusRepo RefindPlus 0.14.2.AB - Null Pointer Dereference
Title source: llmDescription
A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.
References (6)
Core 6
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.306338
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.306338
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.558122
Issue Tracking issue-tracking
https://github.com/RefindPlusRepo/RefindPlus/issues/204
Issue Tracking issue-tracking
https://github.com/RefindPlusRepo/RefindPlus/issues/204#issuecomment-2696817643
Scores
CVSS v3
5.5
EPSS
0.0015
EPSS Percentile
4.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-404
CWE-476
Status
published
Products (1)
RefindPlusRepo/RefindPlus
0.14.2.AB
Published
Apr 28, 2025
Tracked Since
Feb 18, 2026