Executive Summary

Information
Name: CVE-2025-1125
First vendor publication: 2025-03-03
Vendor: Cve
Last vendor modification: 2025-08-12

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score: 6.7
Base Score: 6.7
Environmental Score: 6.7
Impact Sub Score: 5.9
Temporal Score: 6.7
Exploitability Sub Score: 0.8

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Security-Database Scoring CVSS v2

Cvss vector :
CVSS Base Score: N/A
CVSS Impact Score: N/A
CVSS Exploit Score: N/A
Attack Range: N/A
Attack Complexity: N/A
Authentication: N/A

Detail

When reading data from an hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the size of its internal buffers, but it fails to properly check for integer overflows. A maliciously crafted filesystem may cause some of those buffer size calculations to overflow, so that grub_malloc() is called with a smaller size than expected. As a result, the hfsplus_open_compressed_real() function will write past the end of the internal buffer. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, bypassing secure boot protections.
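The bug class described above, shown as an added example that is not GRUB's code: a buffer size derived from an untrusted metadata count wraps in 32-bit arithmetic, while the checked version rejects it before allocating. The entry and header sizes and all function names are hypothetical, and the overflow checks use the GCC/Clang `__builtin_*_overflow` builtins.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ENTRY_SIZE  8u   /* hypothetical on-disk entry size, in bytes */
#define HEADER_SIZE 16u  /* hypothetical fixed header size, in bytes */

/* Unchecked: 32-bit arithmetic wraps modulo 2^32 for large counts. */
static uint32_t unchecked_size(uint32_t count)
{
    return count * ENTRY_SIZE + HEADER_SIZE;
}

/* Checked: returns 0 and stores the size, or -1 if it does not fit. */
static int checked_size(uint32_t count, uint32_t *out)
{
    uint32_t bytes;

    if (__builtin_mul_overflow(count, ENTRY_SIZE, &bytes) ||
        __builtin_add_overflow(bytes, HEADER_SIZE, out))
        return -1;
    return 0;
}

/* Allocate a table for `count` entries; NULL on overflow or OOM. */
static void *alloc_table(uint32_t count, uint32_t *size_out)
{
    if (checked_size(count, size_out) != 0)
        return NULL;  /* reject the metadata instead of under-allocating */
    return malloc(*size_out);
}

int main(void)
{
    /* Constructed counts: benign, multiply wraps, add wraps. */
    uint32_t counts[] = { 4u, 0x20000000u, 0x1FFFFFFFu };

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        uint32_t size = 0;
        void *table = alloc_table(counts[i], &size);

        printf("count=0x%08x unchecked=%u checked=%s\n",
               (unsigned)counts[i], (unsigned)unchecked_size(counts[i]),
               table ? "allocated" : "rejected");
        free(table);
    }
    return 0;
}
```

With the unchecked calculation, a count of 0x20000000 yields a 16-byte request even though the caller goes on to treat the buffer as holding every entry, which is the under-allocation the description refers to.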

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1125

CPE : Common Platform Enumeration

Type: Application
Count: 7

Sources (Detail)

https://access.redhat.com/security/cve/CVE-2025-1125
https://bugzilla.redhat.com/show_bug.cgi?id=2346138
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html

Alert History

Date Information
2025-08-18 17:20:42
  • Multiple Updates
2025-08-01 00:20:54
  • Multiple Updates
2025-07-31 21:20:51
  • Multiple Updates
2025-03-06 00:20:40
  • Multiple Updates
2025-03-03 21:20:32
  • First insertion