CVE-2025-4002

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.6 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 3.1 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/RefindPlusRepo/RefindPlus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2
https://github.com/RefindPlusRepo/RefindPlus/issues/204
https://github.com/RefindPlusRepo/RefindPlus/issues/204#issuecomment-2696817643
https://vuldb.com/?ctiid.306338
https://vuldb.com/?id.306338
https://vuldb.com/?submit.558122

Configurations

No configuration.

History

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en RefindPlusRepo RefindPlus 0.14.2.AB y se clasificó como problemática. Este problema afecta a la función GetDebugLogFile del archivo Library/MemLogLib/BootLog.c. La manipulación provoca la desreferenciación de punteros nulos. Es necesario realizar ataques locales. El parche se identifica como d2143a1e2deefddd9b105fb7160763c4f8d47ea2. Se recomienda aplicar un parche para solucionar este problema.

28 Apr 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-28 05:15

Updated : 2025-04-29 13:52

NVD link : CVE-2025-4002

Mitre link : CVE-2025-4002

CVE.ORG link : CVE-2025-4002

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-4002", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-28T05:15:18.057", "references": [{"url": "https://github.com/RefindPlusRepo/RefindPlus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2", "source": "cna@vuldb.com"}, {"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/204", "source": "cna@vuldb.com"}, {"url": "https://github.com/RefindPlusRepo/RefindPlus/issues/204#issuecomment-2696817643", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.306338", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.306338", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.558122", "source": "cna@vuldb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en RefindPlusRepo RefindPlus 0.14.2.AB y se clasific\u00f3 como problem\u00e1tica. Este problema afecta a la funci\u00f3n GetDebugLogFile del archivo Library/MemLogLib/BootLog.c. La manipulaci\u00f3n provoca la desreferenciaci\u00f3n de punteros nulos. Es necesario realizar ataques locales. El parche se identifica como d2143a1e2deefddd9b105fb7160763c4f8d47ea2. Se recomienda aplicar un parche para solucionar este problema."}], "lastModified": "2025-04-29T13:52:10.697", "sourceIdentifier": "cna@vuldb.com"}