CVE-2025-4003
MEDIUMRefindPlusRepo RefindPlus <0.14.2.AB - Null Pointer Dereference
Title source: llmDescription
A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB. It has been classified as problematic. This affects the function InternalApfsTranslateBlock of the file Library/RP_ApfsLib/RP_ApfsIo.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The patch is named 4d35125ca689a255647e9033dd60c257d26df7cb. It is recommended to apply a patch to fix this issue.
References (6)
Core 6
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.306339
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.306339
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.558123
Issue Tracking issue-tracking
https://github.com/RefindPlusRepo/RefindPlus/issues/206
Issue Tracking issue-tracking
https://github.com/RefindPlusRepo/RefindPlus/issues/206#event-16595888967
Scores
CVSS v3
5.5
EPSS
0.0015
EPSS Percentile
4.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-404
CWE-476
Status
published
Products (1)
RefindPlusRepo/RefindPlus
0.14.2.AB
Published
Apr 28, 2025
Tracked Since
Feb 18, 2026