Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ur99-cm1x-cfdm
Vulnerability ID VCID-ur99-cm1x-cfdm
Aliases CVE-2025-61663
Summary grub2: Missing unregister call for normal commands may lead to use-after-free
Status Published
Exploitability 0.5
Weighted Severity 4.4
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-825 Expired Pointer Dereference
System Score Found at
cvssv3 4.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json
cvssv3.1 4.9 https://access.redhat.com/security/cve/CVE-2025-61663
ssvc Track https://access.redhat.com/security/cve/CVE-2025-61663
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-61663
cvssv3.1 4.9 https://bugzilla.redhat.com/show_bug.cgi?id=2414684
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2414684
cvssv3.1 4.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json
https://api.first.org/data/v1/epss?cve=CVE-2025-61663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61663
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1120968 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968
2414684 https://bugzilla.redhat.com/show_bug.cgi?id=2414684
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2025-61663 https://access.redhat.com/security/cve/CVE-2025-61663
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2025-61663
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:27:28Z/ Found at https://access.redhat.com/security/cve/CVE-2025-61663
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2414684
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:27:28Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2414684
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05056
EPSS Score 0.00019
Published At April 18, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:34:57.561308+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json 38.0.0