affected published on 18 Dec 2025 CVE-2025-61662 4.9 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 5 days ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse removed 4 maintainers @SigmaSquadron @hehongbo @digitalrane @CertainLach 5 days ago @LeSuisse removed 2 packages grub2_pvhgrub_image grub2_pvgrub_image 5 days ago @LeSuisse accepted as draft 5 days ago @LeSuisse update 5 days ago update Grub2: missing unregister call for gettext command may lead to use-after-free A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. Affected products grub2 rhcos Matching in nixpkgs
CVE-2025-61662 4.9 MEDIUM CVSS version: 3.1 Attack vector (AV): LOCAL Attack complexity (AC): HIGH Privileges required (PR): NONE User interaction (UI): NONE Scope (S): UNCHANGED Confidentiality impact (C): LOW Integrity impact (I): LOW Availability impact (A): LOW updated 5 days ago by @LeSuisse Activity log Created automatic suggestion 1 month ago @LeSuisse removed 4 maintainers @SigmaSquadron @hehongbo @digitalrane @CertainLach 5 days ago @LeSuisse removed 2 packages grub2_pvhgrub_image grub2_pvgrub_image 5 days ago @LeSuisse accepted as draft 5 days ago @LeSuisse update 5 days ago update Grub2: missing unregister call for gettext command may lead to use-after-free A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. Affected products grub2 rhcos Matching in nixpkgs