CVE-2025-54771 MEDIUM

CVE-2025-54771: Grub2: use-after-free in grub_file_close()

Vendor Gnu
Product grub2
Weakness CWE-825
Published November 18, 2025
Last update May 19, 2026

CVSS base score

4.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.

Key dates

02Disclosure timeline

November 18, 2025 CVE published
May 19, 2026 Record updated