CVE-2025-0624

Grub2: net: out-of-bounds write in grub_net_search_config_file()

Description

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

Remediation

Workaround:

  • Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Category

7.6
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.99% Top 25%
Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com
Affected: Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support
Affected: Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Affected: Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Affected: Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Affected: Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Affected: Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Affected: Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Affected: Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support
Affected: Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support
Affected: Red Hat Red Hat OpenShift Container Platform 4.12
Affected: Red Hat Red Hat OpenShift Container Platform 4.13
Affected: Red Hat Red Hat OpenShift Container Platform 4.14
Affected: Red Hat Red Hat OpenShift Container Platform 4.15
Affected: Red Hat Red Hat OpenShift Container Platform 4.16
Affected: Red Hat Red Hat OpenShift Container Platform 4.17
Affected: Red Hat Red Hat OpenShift Container Platform 4.18
Affected: Red Hat Red Hat Enterprise Linux 10
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/errata/RHSA-2025:2521 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2653 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2655 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2675 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2784 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2799 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2867 vendor advisory
https://access.redhat.com/errata/RHSA-2025:2869 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3297 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3301 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3367 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3396 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3573 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3577 vendor advisory
https://access.redhat.com/errata/RHSA-2025:3780 vendor advisory
https://access.redhat.com/errata/RHSA-2025:4422 vendor advisory
https://access.redhat.com/errata/RHSA-2025:7702 vendor advisory
https://access.redhat.com/security/cve/CVE-2025-0624 vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2346112 issue tracking
https://security.netapp.com/advisory/ntap-20250516-0006/

Frequently Asked Questions

What is the severity of CVE-2025-0624?
CVE-2025-0624 has been scored as a high severity vulnerability.
How to fix CVE-2025-0624?
As a workaround for remediating CVE-2025-0624: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2025-0624 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-0624 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0624?
CVE-2025-0624 affects Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Red Hat OpenShift Container Platform 4.12, Red Hat Red Hat OpenShift Container Platform 4.13, Red Hat Red Hat OpenShift Container Platform 4.14, Red Hat Red Hat OpenShift Container Platform 4.15, Red Hat Red Hat OpenShift Container Platform 4.16, Red Hat Red Hat OpenShift Container Platform 4.17, Red Hat Red Hat OpenShift Container Platform 4.18, Red Hat Red Hat Enterprise Linux 10.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.