DEBIAN-CVE-2025-61661

DEBIAN-CVE-2025-61661 PUBLISHED CVSS 4.800000190734863 MEDIUM

A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products

Vendor	Product	Versions
Debian:12	grub2	2.12, 2.12, 2.12
Debian:11	grub2	2.06-12, 2.06-13, 2.06-13
Debian:14	grub2	0, 2.14~git20250718.0e36779-2, 2.14~git20250718.0e36779-1
Debian:13	grub2	2.14~git20250718.0e36779-1, 2.14-2, 2.14-1

Timeline

Nov 18, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-61661 advisory

Open in Interactive Console →