CVE-2025-1118

Published Feb 19, 2025

Last updated 4 days ago

CVSS medium 4.4

Overview

Description
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
Source
secalert@redhat.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
4.4
Impact score
3.6
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

secalert@redhat.com
CWE-501

Social media

Hype score
Not currently trending

  1. CVE-2025-1118 A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may l… https://t.co/2ilfdUBotO

    @CVEnew

    19 Feb 2025

    321 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References