High severity 7.6 · NVD Advisory · Published Feb 19, 2025 · Updated Apr 15, 2026

CVE-2025-0624

Description

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to bypass secure boot protections.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-0624: heap out-of-bounds write in GRUB2's network boot config file search enables remote code execution and Secure Boot bypass.

CVE-2025-0624 is a heap buffer overflow vulnerability in the GRUB2 bootloader, specifically in the function grub_net_search_config_file(). During network boot (PXE), GRUB2 copies user-controlled environment variable data into a fixed-size internal buffer using grub_strcpy() without validating the length of the source string. This results in an out-of-bounds write beyond the allocated buffer [1][2].
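The allocation-and-copy pattern described above, as an added C example that is not GRUB2 source and not taken from the advisory: the unsafe shape appears only in a comment, and the hardened function sizes the buffer from the measured input. The names `build_config_path` and `CFG_SUFFIX`, the `max_len` cap and the sample prefix are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed tail appended to the network-supplied prefix. */
#define CFG_SUFFIX "/grub.cfg"

/* Unsafe shape named in the description (comment only, never compiled):
 *   char *buf = malloc(SOME_FIXED_SIZE);  // size ignores strlen(prefix)
 *   strcpy(buf, prefix);                  // writes past buf if prefix is long
 */

/* Hardened form: measure the untrusted value, cap it, guard the size
 * arithmetic, and give the copy routine the real buffer size.
 * Returns a heap string the caller frees, or NULL on rejection or OOM. */
char *build_config_path(const char *prefix, size_t max_len)
{
    if (prefix == NULL)
        return NULL;
    /* Bounded scan for the terminator. If max_len + 1 wraps to 0,
     * memchr finds nothing and the input is rejected (fails closed). */
    const char *end = memchr(prefix, '\0', max_len + 1);
    if (end == NULL)
        return NULL;                    /* longer than the policy cap */
    size_t plen = (size_t)(end - prefix);
    size_t slen = sizeof(CFG_SUFFIX) - 1;
    if (plen > SIZE_MAX - slen - 1)
        return NULL;                    /* addition would overflow */
    size_t need = plen + slen + 1;      /* prefix + suffix + NUL */
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    int n = snprintf(buf, need, "%s%s", prefix, CFG_SUFFIX);
    if (n < 0 || (size_t)n >= need) {   /* truncation means a logic error */
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Constructed sample value standing in for the environment variable. */
    char *p = build_config_path("(tftp,192.0.2.1)/boot", 255);
    if (p) { puts(p); free(p); }
    return 0;
}
```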

The attack surface is the network boot process; an attacker must be on the same network segment as the target system and control the DHCP or TFTP server that provides the boot configuration. No authentication is required because the environment variable is supplied during the PXE handshake. By crafting an overly long environment variable, the attacker can overflow the heap buffer [1].

Successful exploitation allows remote code execution within the GRUB2 context before the operating system loads. Since GRUB2 runs before Secure Boot verification, this can be used to bypass Secure Boot protections and execute arbitrary, unverified code [1].

Red Hat has released updated packages for OpenShift Container Platform versions 4.15.50, 4.16.38, 4.17.23, and 4.18.8 that include patches for this vulnerability [1][2][3][4]. No workarounds are documented; applying the update is the recommended action.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
