CVE-2025-0624
Published: 19 February 2025
Summary
CVE-2025-0624 is a high-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Bootkit (T1542.003). The CVE ranks in the top 28.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0624 is an out-of-bounds write vulnerability in the GRUB2 bootloader. It occurs during the network boot process when GRUB2 copies data from a user-controlled environment variable into an internal buffer via the grub_strcpy() function without accounting for the variable's length, leading to memory corruption. The flaw is tracked under CWE-787 and carries a CVSS 3.1 score of 7.6.
An attacker positioned on the same network segment as the target system can supply a malicious environment variable while GRUB2 searches for its configuration file. Successful exploitation grants remote code execution, which can be leveraged to bypass Secure Boot protections.
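A simplified C model of the sizing flaw described above, next to a hardened counterpart. This is an added example, not GRUB2 source or the vendor patch; `CFG_SUFFIX`, `MAX_ENV_LEN`, the function names and the sample value are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CFG_SUFFIX "/grub.cfg"  /* hypothetical fixed part of the path */
#define MAX_ENV_LEN 1024u       /* hypothetical cap on the variable's length */

/* Bytes the finished string needs, terminator included. */
size_t required_size(const char *env_value)
{
    return strlen(env_value) + sizeof(CFG_SUFFIX);
}

/* Flawed sizing reserves room for the fixed part only; returns 1 when a
 * strcpy() of this value into such a buffer would write past its end. */
int flawed_sizing_overflows(const char *env_value)
{
    size_t flawed_alloc = sizeof(CFG_SUFFIX);   /* variable length ignored */
    return required_size(env_value) > flawed_alloc;
}

/* Hardened: measure with a bound, refuse over-long input, size the buffer
 * from the measured length, copy with explicit lengths. NULL on rejection. */
char *build_cfg_path(const char *env_value)
{
    size_t len = 0;
    if (env_value == NULL)
        return NULL;
    while (len <= MAX_ENV_LEN && env_value[len] != '\0')
        len++;
    if (len > MAX_ENV_LEN)
        return NULL;
    char *buf = malloc(len + sizeof(CFG_SUFFIX));
    if (buf == NULL)
        return NULL;
    memcpy(buf, env_value, len);
    memcpy(buf + len, CFG_SUFFIX, sizeof(CFG_SUFFIX));  /* includes the NUL */
    return buf;
}

int main(void)
{
    const char *sample = "(tftp,192.0.2.10)/boot/grub2";  /* constructed value */
    char *path = build_cfg_path(sample);
    printf("flawed sizing overflows: %d\n", flawed_sizing_overflows(sample));
    printf("hardened path: %s\n", path ? path : "(rejected)");
    free(path);
    return 0;
}
```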
Multiple Red Hat Security Advisories (RHSA-2025:2521, RHSA-2025:2653, RHSA-2025:2655, RHSA-2025:2675, and RHSA-2025:2784) address the issue through updated GRUB2 packages.
EPSS for the CVE rose from a low baseline to a peak of 0.0254 on 2026-02-18 before receding to the current value of 0.0066, indicating a temporary increase in exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4653
Vulnerability details
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to bypass secure boot protections.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write in GRUB2 network boot enables RCE that can install a bootkit and bypass secure boot (T1542.003).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Mandates timely remediation of identified flaws like the grub2 out-of-bounds write via vendor patches such as RHSA-2025:2521.
Requires validation of the length and content of user-controlled environment variables to prevent buffer overflows during grub2 network boot configuration search.
Implements memory protection mechanisms such as bounds checking to mitigate out-of-bounds writes in bootloader processes like grub2.