CVE-2025-1118 MEDIUM

CVE-2025-1118: Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled

Vendor Red Hat
Product Red Hat Enterprise Linux 7
Weakness CWE-501
Published February 19, 2025
Last update June 29, 2026

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in GRUB2. The dump command is not blocked when GRUB is in lockdown mode, which allows the user to read any memory contents. An attacker may leverage this to extract signatures, salts, and other sensitive information from memory.

Key dates

02 Disclosure timeline

February 19, 2025 CVE published
June 29, 2026 Record updated