VYPR
Unrated severityNVD Advisory· Published Oct 5, 2009· Updated Jun 16, 2026

CVE-2009-3525

CVE-2009-3525

Description

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Xen/Xen4 versions
    cpe:2.3:a:xen:xen:3.0.3:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:xen:xen:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xen:xen:3.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xen:xen:3.3.1:*:*:*:*:*:*:*
    • (no CPE)range: 3.0.3, 3.3.0, 3.3.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.