CVE-2025-0689

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-0689

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0689.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-0689

Downstream

BELL-CVE-2025-0689

DEBIAN-CVE-2025-0689

OESA-2025-1216

OESA-2025-1217

OESA-2025-1218

OESA-2025-1291

OESA-2025-1292

SUSE-SU-2025:0586-1

SUSE-SU-2025:0587-1

SUSE-SU-2025:0588-1

SUSE-SU-2025:0607-1

SUSE-SU-2025:0629-1

UBUNTU-CVE-2025-0689

openSUSE-SU-2025:14822-1

Related

Withdrawn

2026-01-27T04:19:54.517370Z

Published

2025-03-03T15:15:16Z

Modified

2026-01-27T04:19:54.517370Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.

References

Affected packages