CVE-2025-0690

Published Feb 24, 2025

Last updated 18 days ago

Overview

Description
The read command is used to read keyboard input from the user. While reading, it keeps the input length in a 32-bit integer value, which is then used to reallocate the line buffer to accept the next character. During this process, with a line big enough, it's possible to make this variable overflow, leading to an out-of-bounds write in the heap-based buffer. This flaw may be leveraged to corrupt GRUB's internal critical data, and a secure boot bypass cannot be ruled out as a consequence.
Source
secalert@redhat.com
NVD status
Awaiting Analysis
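
The size arithmetic from the Description, as an added example that is not GRUB's code: a line reader that grows its buffer one character at a time, with the 32-bit size computation shown beside a checked one. The names `line_buf`, `next_size_32bit`, `next_size_checked`, `line_append` and `demo_read` are hypothetical, and the 32-bit counter is modelled as unsigned so the wrap is well defined.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical line buffer for illustration; not GRUB's own structure. */
struct line_buf { char *data; size_t len; };

/* Length held in 32 bits (assumed unsigned here): len + 2 wraps near UINT32_MAX. */
static uint32_t next_size_32bit(uint32_t len) { return len + 2u; }

/* Checked form: 0 on success, -1 if len + 2 (new char + NUL) would wrap. */
static int next_size_checked(size_t len, size_t *out)
{
    if (len > SIZE_MAX - 2)
        return -1;
    *out = len + 2;
    return 0;
}

/* Append one character; the buffer is left unchanged on any failure. */
static int line_append(struct line_buf *b, char c)
{
    size_t want;
    char *p;
    if (next_size_checked(b->len, &want) != 0)
        return -1;
    if ((p = realloc(b->data, want)) == NULL)
        return -1;
    p[b->len++] = c;
    p[b->len] = '\0';
    b->data = p;
    return 0;
}

/* Read one line from a constructed input string; returns its length. */
static size_t demo_read(const char *input, struct line_buf *b)
{
    for (; *input != '\0' && *input != '\n'; input++)
        if (line_append(b, *input) != 0)
            break;
    return b->len;
}

int main(void)
{
    struct line_buf b = { NULL, 0 };
    size_t n = demo_read("set root\n", &b); /* constructed sample input */
    free(b.data);
    return n == 8 ? 0 : 1;
}
```

With the 32-bit form, a length near `UINT32_MAX` produces a request of 0 or 1 bytes while the write index stays large; the checked form refuses to grow instead.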

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.1
Impact score
5.9
Exploitability score
0.2
Vector string
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

secalert@redhat.com
CWE-787

Social media

Hype score
Not currently trending
  1. ⚠️ A recently disclosed vulnerability in GRUB2's keyboard input handling (CVE-2025-0690) could allow arbitrary code execution or a bypass of secure boot protections. 🧉 https://t.co/TE3bnWdW5t

    @MarquisioX

    25 Feb 2025

    21 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. GRUB2 Vulnerability (CVE-2025-0690) Could Bypass Secure Boot, Exposing Systems to Heap Memory Corruption https://t.co/DuyH9jWatK via @Fintter Security #GRUB2 #CVE20250690 #LinuxSecurity #SecureBoot #HeapCorruption #BootloaderVulnerability #RedHat #TrendingNow

    @FintterTvi

    25 Feb 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-0690 🟠 MEDIUM (6.1) 🏢 Red Hat - Red Hat Enterprise Linux 7 🏗️ None 🔗 https://t.co/qIzffsrrfg 🔗 https://t.co/LmRw45yHiD #CyberCron #VulnAlert https://t.co/IM0ieAsghq

    @cybercronai

    24 Feb 2025

    142 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  4. CVE-2025-0690 Buffer Overflow Vulnerability in Linux Grub Read Command Enabling Potenti... https://t.co/Awm3buMpXh Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    24 Feb 2025

    50 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. RedHat Out-of-bounds Write vulnerability (CVE-2025-0690) #CVE20250690 #CyberSecurity #OutofBoundsWriteVulnerability #RedHat https://t.co/WzeWSgpOPO https://t.co/Y9ptuSCBoc

    @SystemTek_UK

    24 Feb 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-0690 The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate t… https://t.co/h8cfh13Eyj

    @CVEnew

    24 Feb 2025

    513 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes