CVE-2025-1118
Severity: 4.4 MEDIUM (CVSS 3.1)
EPSS: 0.02%
Description
A flaw was found in grub2. GRUB's dump command is not blocked when GRUB is in lockdown mode, which allows the user to read any memory contents. An attacker may leverage this to extract signatures, salts, and other sensitive information from memory.
How to fix CVE-2025-1118
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/grub2—no fix listed
Is CVE-2025-1118 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |