GRUB2 Denial of Service

MEDIUM (4.9) No Patch (27 days)

Threat Intelligence

Low Risk
EPSS Score: 0.02% chance of exploitation (percentile: 3%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

GRUB2 is the bootloader most Linux systems use to load the kernel. CVE-2025-61663 is a use-after-free bug in GRUB2's normal command: an attacker who can trigger it can make the boot process unstable, leading to a denial of service (DoS) and a potential impact on data integrity.

Am I affected?

You're affected if you use GRUB2 version 2.06 or earlier. To check which GRUB2 version is installed, run grub-install --version in your terminal (GRUB2 ships no plain grub binary).
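A small portable check that applies the "2.06 or earlier" rule above, added here as an example and not part of the original advisory; it assumes grub-install --version prints a line such as "grub-install (GRUB) 2.06" or "grub-install (GRUB) 2.06-2ubuntu14.4" (the exact output format is an assumption).

```sh
#!/bin/sh
# Added example (not from the advisory): classify a GRUB2 version line against
# the CVE-2025-61663 affected range (2.06 or earlier). The version-line format
# "grub-install (GRUB) <version>[-distro-suffix]" is an assumption.

# Print the first MAJOR.MINOR found in a version line, or nothing if absent.
grub_version_from_line() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+' | head -n 1
}

# Print "affected" for GRUB2 <= 2.06, "not-affected" for newer versions,
# and "unknown" when no version can be parsed from the line.
grub_affected() {
    ver=$(grub_version_from_line "$1")
    if [ -z "$ver" ]; then
        printf 'unknown\n'
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    # Drop leading zeros so "06" compares as the number 6, not as text.
    minor=$(printf '%s\n' "$minor" | sed 's/^0*//')
    [ -n "$minor" ] || minor=0
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 6 ]; }; then
        printf 'affected\n'
    else
        printf 'not-affected\n'
    fi
}

# Check the GRUB2 installed on this machine, if grub-install is on the PATH.
check_installed_grub() {
    if command -v grub-install >/dev/null 2>&1; then
        grub_affected "$(grub-install --version 2>/dev/null | head -n 1)"
    else
        printf 'unknown\n'
    fi
}

# Constructed sample lines for a stand-alone run.
for line in 'grub-install (GRUB) 2.06' 'grub-install (GRUB) 2.06-2ubuntu14.4' \
            'grub-install (GRUB) 2.12' 'no version here'; do
    printf '%-40s -> %s\n' "$line" "$(grub_affected "$line")"
done
```

Run check_installed_grub on a host to classify its own GRUB2; a result of "unknown" means the version line could not be parsed and should be inspected by hand.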

Affected Products

GNU Project / GRUB2

How to fix

Upgrade to GRUB2 version 2.10 or later, following the upgrade instructions at https://www.gnu.org/software/grub/manual/grub/Upgrade.html
- Immediate mitigations:
  * Disable booting from USB devices in the firmware (UEFI/BIOS) boot-order settings
  * Set GRUB2's GRUB_TIMEOUT to 0 seconds: edit the existing value in /etc/default/grub (for example sudo sed -i 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=0/' /etc/default/grub) rather than overwriting the file with a redirect, then regenerate the boot configuration with sudo grub-mkconfig -o /boot/grub/grub.cfg (sudo update-grub on Debian-based systems)
  * Monitor system logs for GRUB-related errors