Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-c2vg-36gb-bqas
Vulnerability ID VCID-c2vg-36gb-bqas
Aliases CVE-2025-61664
Summary grub2: Missing unregister call for normal_exit command may lead to use-after-free
Status Published
Exploitability 0.5
Weighted Severity 4.4
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-825 Expired Pointer Dereference
System Score Found at
cvssv3 4.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json
cvssv3.1 4.9 https://access.redhat.com/security/cve/CVE-2025-61664
ssvc Track https://access.redhat.com/security/cve/CVE-2025-61664
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00016 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2025-61664
cvssv3.1 4.9 https://bugzilla.redhat.com/show_bug.cgi?id=2414685
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2414685
cvssv3.1 4.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json
https://api.first.org/data/v1/epss?cve=CVE-2025-61664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61664
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1120968 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968
2414685 https://bugzilla.redhat.com/show_bug.cgi?id=2414685
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2025-61664 https://access.redhat.com/security/cve/CVE-2025-61664
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2025-61664
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:28:39Z/ Found at https://access.redhat.com/security/cve/CVE-2025-61664
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2414685
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:28:39Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2414685
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02997
EPSS Score 0.00015
Published At April 18, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:34:57.581463+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json 38.0.0