CVE-2025-0689

{"id": "CVE-2025-0689", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-03-03T15:15:16.147", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-0689", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections."}, {"lang": "es", "value": "Al leer datos del disco, el m\u00f3dulo de sistema de archivos UDF de grub utiliza los metadatos de longitud de datos controlados por el usuario para asignar sus b\u00faferes internos. En ciertos escenarios, al iterar a trav\u00e9s de los sectores del disco, asume que el tama\u00f1o de lectura del disco siempre es menor que el tama\u00f1o de b\u00fafer asignado, lo que no est\u00e1 garantizado. Una imagen de sistema de archivos manipulado puede provocar un desbordamiento de b\u00fafer basado en el mont\u00f3n que da como resultado la corrupci\u00f3n de datos cr\u00edticos, lo que genera el riesgo de ejecuci\u00f3n de c\u00f3digo arbitrario que pasa por alto las protecciones de arranque seguro."}], "lastModified": "2025-08-12T14:15:27.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ECC2401-511C-4A2E-878F-C7053FA3ABB1", "versionEndIncluding": "2.12"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}