CVE-2025-4382: 
Linux Debian vulnerability analysis and mitigation

A security vulnerability (CVE-2025-4382) was discovered in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. The vulnerability was disclosed on May 9, 2025, affecting various Red Hat Enterprise Linux versions (7, 8, 9) and Red Hat OpenShift Container Platform 4 systems using GRUB2 (Red Hat CVE).

The vulnerability occurs when GRUB is configured to automatically decrypt disks using keys stored in the TPM, where it reads the decryption key into system memory. When GRUB fails to locate a valid filesystem due to filesystem corruption, it enters rescue mode while keeping the decryption key loaded in system memory. The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the vector string CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N and is classified under CWE-306 (Missing Authentication for Critical Function) (NVD, Wiz).

If exploited, this vulnerability allows an attacker with physical access to access unencrypted data without further authentication, compromising data confidentiality. Additionally, the ability to force this state through filesystem corruption presents a data integrity concern. The vulnerability has been classified as Moderate severity by Red Hat Product Security (Red Hat CVE).

As of the vulnerability disclosure, fixes have been deferred for affected systems including Red Hat Enterprise Linux 7, 8, 9, and Red Hat OpenShift Container Platform 4. No immediate patches or workarounds have been published (Wiz).