Medium severity 4.8 · NVD Advisory · Published Nov 18, 2025 · Updated Apr 15, 2026
CVE-2025-61661
Description
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. The flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger the issue. Successful exploitation may cause GRUB to crash, resulting in a Denial of Service. Data corruption may also be possible, although given the complexity of the exploit the impact is most likely limited.
Affected products
16 versions (osv-coords, no CPE); each entry gives the package and its affected range:
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2015.6, range: < 2.12-150600.8.44.2
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Leap%2016.0, range: < 2.12-160000.3.1
- pkg:rpm/opensuse/grub2&distro=openSUSE%20Tumbleweed, range: < 2.12-67.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2, range: < 2.04-150300.22.61.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3, range: < 2.06-150400.11.66.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4, range: < 2.06-150400.11.66.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5, range: < 2.06-150500.29.59.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6, range: < 2.12-150600.8.44.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7, range: < 2.12-150700.19.19.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6, range: < 2.12-150600.8.44.2
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7, range: < 2.12-150700.19.19.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%2016.0, range: < 2.12-160000.3.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0, range: < 2.12-160000.3.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5, range: < 2.02-193.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Micro%206.1, range: < 2.12-slfo.1.1_3.1
- pkg:rpm/suse/grub2&distro=SUSE%20Linux%20Micro%206.2, range: < 2.12-160000.3.1