Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-744c-pb2n-5kf4
Vulnerability ID VCID-744c-pb2n-5kf4
Aliases CVE-2021-20225
Summary Multiple vulnerabilities have been found in GRUB, the worst might allow for circumvention of UEFI Secure Boot.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2021-20225
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux Medium https://security.archlinux.org/AVG-1629
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json
https://api.first.org/data/v1/epss?cve=CVE-2021-20225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1924696 https://bugzilla.redhat.com/show_bug.cgi?id=1924696
ASA-202106-43 https://security.archlinux.org/ASA-202106-43
AVG-1629 https://security.archlinux.org/AVG-1629
GLSA-202104-05 https://security.gentoo.org/glsa/202104-05
RHSA-2021:0696 https://access.redhat.com/errata/RHSA-2021:0696
RHSA-2021:0697 https://access.redhat.com/errata/RHSA-2021:0697
RHSA-2021:0698 https://access.redhat.com/errata/RHSA-2021:0698
RHSA-2021:0699 https://access.redhat.com/errata/RHSA-2021:0699
RHSA-2021:0700 https://access.redhat.com/errata/RHSA-2021:0700
RHSA-2021:0701 https://access.redhat.com/errata/RHSA-2021:0701
RHSA-2021:0702 https://access.redhat.com/errata/RHSA-2021:0702
RHSA-2021:0703 https://access.redhat.com/errata/RHSA-2021:0703
RHSA-2021:0704 https://access.redhat.com/errata/RHSA-2021:0704
RHSA-2021:1734 https://access.redhat.com/errata/RHSA-2021:1734
RHSA-2021:2566 https://access.redhat.com/errata/RHSA-2021:2566
RHSA-2021:2790 https://access.redhat.com/errata/RHSA-2021:2790
RHSA-2021:3675 https://access.redhat.com/errata/RHSA-2021:3675
USN-4992-1 https://usn.ubuntu.com/4992-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.21354
EPSS Score 0.0007
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:14:12.701983+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202104-05 38.0.0