CVE-2025-1118: 
Rocky Linux vulnerability analysis and mitigation

CVE-2025-1118 is a security vulnerability discovered in GRUB2 (Grand Unified Bootloader version 2) that was disclosed on February 18, 2025. The vulnerability stems from GRUB's dump command not being properly blocked when the system is in lockdown mode with secure boot enabled. This flaw affects the GRUB2 bootloader system and its security mechanisms (NVD, OSS Security).

The vulnerability is characterized by a trust boundary violation (CWE-501) where the dump command remains accessible despite system lockdown mode being active. The issue has been assigned a CVSS v3.1 base score of 4.4 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access and high privileges to exploit, but can result in high confidentiality impact (Red Hat Security, OSS Security).

The vulnerability allows an attacker with local access to read any memory information through the dump command, potentially exposing sensitive data such as signatures, salts, and other critical security information stored in memory. This exposure could compromise the secure boot mechanism's integrity (Red Hat Bugzilla).

Fixes for this vulnerability have been made public and are being distributed through various Linux distributions. Debian has addressed this in version 2.12-7 of the grub2 package. Users are advised to update their GRUB2 installations to the latest version that includes the security fix (Debian Security).