CVE-2025-61663
Echo vulnerability analysis and mitigation

Overview

CVE-2025-61663 is a security vulnerability in the GRUB2 bootloader that was disclosed on November 18, 2025. The vulnerability stems from a missing unregister call for normal commands in the normal module, affecting multiple versions of Red Hat Enterprise Linux (RHEL) and Red Hat OpenShift Container Platform (Red Hat Security).

Technical details

The vulnerability occurs because the normal command is registered when the normal module is loaded but is not unregistered when the module is unloaded. This implementation flaw has been assigned a CVSS v3 score of 4.9 and is categorized under CWE-825. The vulnerability affects multiple Red Hat Enterprise Linux versions (RHEL 7, 8, 9, 10) and Red Hat OpenShift Container Platform 4 (Red Hat Security).

Impact

When exploited, this vulnerability can lead to a use-after-free condition if the normal command is invoked after the normal module has been unloaded. The severity is rated as moderate, indicating potential stability issues or security risks in affected systems (Bugzilla Report).
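
The lifecycle flaw described above, as an added example that is not GRUB source code and not part of the original report: a minimal C model in which a module's unload hook either omits or performs the unregister call. All identifiers (mod_init, mod_fini, invoke, run_scenario) are hypothetical, and the dispatcher reports a stale entry instead of dereferencing it.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a bootloader command table. All names are
   hypothetical; this is not GRUB's API or source. */
struct module  { int loaded; };
struct command { const char *name; struct module *owner; struct command *next; };

static struct command *cmd_list;   /* global table outlives any module */

static void register_command(struct command *c) { c->next = cmd_list; cmd_list = c; }

static void unregister_command(struct command *c) {
    for (struct command **p = &cmd_list; *p; p = &(*p)->next)
        if (*p == c) { *p = c->next; return; }
}

/* Module load hook: publish the command in the global table. */
static void mod_init(struct module *m, struct command *c) {
    m->loaded = 1; c->owner = m; register_command(c);
}

/* Module unload hook. fixed == 0 models the flaw: the entry stays listed. */
static void mod_fini(struct module *m, struct command *c, int fixed) {
    if (fixed) unregister_command(c);
    m->loaded = 0;   /* a real loader frees the module's code and data here */
}

enum { CMD_OK = 0, CMD_UNKNOWN = -1, CMD_STALE = -2 };

/* Dispatcher that audits ownership instead of calling through the entry. */
static int invoke(const char *name) {
    for (struct command *c = cmd_list; c; c = c->next)
        if (strcmp(c->name, name) == 0)
            return c->owner->loaded ? CMD_OK : CMD_STALE;
    return CMD_UNKNOWN;
}

/* Load, unload, then invoke "normal"; returns what the dispatcher sees. */
static int run_scenario(int fixed) {
    static struct module m; static struct command c;   /* static: no real free */
    cmd_list = NULL; c.name = "normal";
    mod_init(&m, &c);
    if (invoke("normal") != CMD_OK) return 1;   /* sanity: works while loaded */
    mod_fini(&m, &c, fixed);
    return invoke("normal");
}

int main(void) { printf("%d %d\n", run_scenario(0), run_scenario(1)); return 0; }
```

CMD_STALE marks the point where a real bootloader would follow a pointer into freed module memory; with the unregister call in place the same invocation is simply an unknown command.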

Mitigation and workarounds

Red Hat has acknowledged this vulnerability and assigned it a moderate severity rating with a deadline of November 18, 2025, for remediation. Users of affected systems should monitor for updates and apply them when available (Bugzilla Report).

This report was generated using AI.

Related Echo vulnerabilities:

CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date
CVE-2025-65015 | CRITICAL | 9.2 | Python | localstack | No | Yes | Nov 18, 2025
CVE-2025-11001 | HIGH | 7 | 7-Zip | 7zip-standalone-all-debuginfo | No | Yes | Nov 19, 2025
CVE-2025-61664 | MEDIUM | 4.9 | Echo | grub2-efi-aa64-modules | No | Yes | Nov 18, 2025
CVE-2025-61663 | MEDIUM | 4.9 | Echo | grub2-efi-aa64-modules | No | Yes | Nov 18, 2025
CVE-2025-61662 | MEDIUM | 4.9 | Echo | grub2-tools | No | Yes | Nov 18, 2025
