CVE-2025-1118

{"id": "CVE-2025-1118", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2025-02-19T18:15:24.280", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:16154", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-1118", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-501"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory."}, {"lang": "es", "value": "Se encontr\u00f3 un defecto en Grub2. El comando de volcado de Grub no se bloquea cuando GRUB est\u00e1 en modo de bloqueo, lo que permite al usuario leer cualquier informaci\u00f3n de memoria, y un atacante puede aprovechar esto para extraer firmas, sales y otra informaci\u00f3n confidencial de la memoria."}], "lastModified": "2025-09-18T09:15:35.407", "sourceIdentifier": "secalert@redhat.com"}