{"api_version":"1","generated_at":"2026-07-03T14:34:17+00:00","cve":"CVE-2025-1118","urls":{"html":"https://cve.report/CVE-2025-1118","api":"https://cve.report/api/cve/CVE-2025-1118.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-1118","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-1118"},"summary":{"title":"Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled","description":"A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-02-19 18:15:24","updated_at":"2026-06-30 00:16:54"},"problem_types":["CWE-501","CWE-501 Trust Boundary Violation"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f","name":"https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346137","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2346137","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","name":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:16154","name":"https://access.redhat.com/errata/RHSA-2025:16154","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-1118","name":"https://access.redhat.com/security/cve/CVE-2025-1118","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-1118","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1118","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"unaffected 1:2.12-15.el10_0 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-02-17T17:26:24.670Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-02-18T18:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"1118","cve":"CVE-2025-1118","epss":"0.002860000","percentile":"0.204020000","score_date":"2026-07-01","updated_at":"2026-07-02 00:05:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-1118","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-03-03T17:23:06.868981Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-03-03T17:24:24.515Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://www.gnu.org/software/grub/","defaultStatus":"unaffected","packageName":"grub2","versions":[{"lessThanOrEqual":"2.12","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10.0"],"defaultStatus":"affected","packageName":"grub2","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1:2.12-15.el10_0","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"grub2","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unknown","packageName":"grub2","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"grub2","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"datePublic":"2025-02-18T18:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-501","description":"Trust Boundary Violation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-29T23:27:20.702Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:16154","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:16154"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-1118"},{"name":"RHBZ#2346137","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346137"},{"url":"https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f"},{"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"}],"timeline":[{"lang":"en","time":"2025-02-17T17:26:24.670Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-02-18T18:00:00.000Z","value":"Made public."}],"title":"Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled","x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-501: Trust Boundary Violation"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-1118","datePublished":"2025-02-19T17:54:27.651Z","dateReserved":"2025-02-07T16:58:08.564Z","dateUpdated":"2026-06-29T23:27:20.702Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-02-19 18:15:24","lastModifiedDate":"2026-06-30 00:16:54","problem_types":["CWE-501","CWE-501 Trust Boundary Violation"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-03T17:23:06.868981Z","id":"CVE-2025-1118","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"1118","Ordinal":"1","Title":"Grub2: commands/dump: the dump command is not in lockdown when s","CVE":"CVE-2025-1118","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"1118","Ordinal":"1","NoteData":"A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.","Type":"Description","Title":"Grub2: commands/dump: the dump command is not in lockdown when s"}]}}}