CVE-2025-61662: 
Echo vulnerability analysis and mitigation

CVE-2025-61662 is a security vulnerability in GRUB2's gettext module that was disclosed on November 18, 2025. The vulnerability stems from a missing unregister call for the gettext command during module unload, which affects various versions of Red Hat Enterprise Linux (RHEL) and Red Hat OpenShift Container Platform 4. The vulnerability has been assigned a moderate severity rating with a CVSS score of 4.9 (Red Hat Security).

The vulnerability occurs when the gettext module is loaded, where the gettext command is registered but isn't properly unregistered when the module is unloaded. This implementation flaw can lead to a use-after-free condition if the gettext command is invoked after the gettext module has been unloaded. The issue was identified in the grub-core/gettext/gettext.c file and requires adding a call to grubunregistercommand() during module unload to properly fix the vulnerability (OSS Security).

The vulnerability could potentially lead to use-after-free issues when the gettext command is invoked after the gettext module has been unloaded. This affects multiple Red Hat Enterprise Linux versions (6, 7, 8, 9, 10) and Red Hat OpenShift Container Platform 4 (Red Hat Bugzilla).

A patch has been developed that adds proper unregistration of the gettext command during module unload. The fix involves adding a call to grubunregistercommand() in the GRUBMODFINI function of the gettext module. The patch was submitted by Alec Brown and reviewed by Daniel Kiper (OSS Security).