CVE-2025-54771
MediumCVSS 4.9Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A use-after-free vulnerability has been identified in GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service.
Risk Assessment
The risk for the organization includes potential denial of service that could prevent system boot. Possible data integrity or confidentiality compromise is not discarded.
Recommendation
It is recommended to immediately update GRUB to the latest available version containing the fix. Monitor official security advisories from the operating system distribution.
Original NVD description (English source)
A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

