CVE-2025-0685

Summary

CVE-2025-0685 introduces a critical vulnerability in grub2's jfs filesystem module. The issue arises when the module determines buffer sizes based on user-controlled parameters from the filesystem geometry, failing to properly check for integer overflows. A specially crafted filesystem can manipulate these buffer size calculations, causing grub_malloc() to allocate smaller sizes than intended. Consequently, grub_jfs_lookup_symlink() function may write beyond the intended buffer length during grub_jfs_read_file(). This vulnerability allows an attacker to corrupt grub's internal critical data and potentially execute arbitrary code, bypassing secure boot protections.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.