CVE-2025-1118 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-1118

CVE-2025-1118

Published At:February 19, 2025

Updated At:April 07, 2026

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.

Related Resources (6)

https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f

https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

https://access.redhat.com/errata/RHSA-2025:16154

https://access.redhat.com/security/cve/CVE-2025-1118

https://bugzilla.redhat.com/show_bug.cgi?id=2346137

https://seclists.org/oss-sec/2025/q1/146

Do you need more information?

CVSS v4

Base Score:

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Trust Boundary Violation

CWE-501

EPSS

Base Score:

0.02

Products

Solutions

Resources

Company

Compare

Developer Tools