CVE-2025-1118

Source
https://cve.org/CVERecord?id=CVE-2025-1118
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1118.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-1118
Downstream
Related
Published
2025-02-19T17:54:27.651Z
Modified
2026-07-15T03:32:40.038712643Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled
Details

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.

Database specific
{
    "cwe_ids": [
        "CWE-501"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1118.json",
    "cna_assigner": "redhat"
}
References

Affected packages

Git / https.git.savannah.gnu.org/git/grub.git/

Affected ranges

Type
GIT
Repo
https://https.git.savannah.gnu.org/git/grub.git/
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5ca9db22e8ed0dbebb2aec53722972de0680a463
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.12"
        }
    ]
}

Affected versions

1.*
1.98
1.99
2.*
2.00
2.02
2.02-beta3
2.02-rc1
2.02-rc2
grub-2.*
grub-2.02
grub-2.02-beta1
grub-2.02-beta2
grub-2.02-beta3
grub-2.02-rc1
grub-2.02-rc2
grub-2.04
grub-2.04-rc1
grub-2.06
grub-2.06-rc1
grub-2.06-rc1a
grub-2.12
grub-2.12-rc1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1118.json"