CVE-2025-61664 is a local use-after-free vulnerability in the GRUB2 bootloader's normal module. The flaw occurs because the command handler for normal_exit is not unregistered when the module is unloaded, leaving a dangling command pointer that can be invoked later. This lifecycle mistake creates an availability- and integrity-oriented attack primitive, but it is not remotely exploitable. The CVE was published on 18 November 2025, and vendor advisories rate its severity in line with that local-only exposure. This tag covers discussions about the vulnerability's technical details, impact, and mitigation strategies for affected systems.
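The bug class behind this CVE is a registration that outlives the module that owns it. The following C program is an added example, not GRUB's code: it simulates a command registry in which each entry records its owning module, contrasts a fini routine that forgets to unregister (the pattern described above) with one that unregisters everything init registered, and shows two defensive checks a reviewer or test harness can apply: counting entries that still point at a module before its memory is released, and refusing to dispatch a handler whose owner is no longer loaded. The names register_command, unregister_command, stale_registrations and dispatch_command are hypothetical and stand in for whatever a real module system provides.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed simulation of a command registry with module ownership.
 * Not GRUB's code; all function and type names here are hypothetical. */

struct module {
    const char *name;
    int loaded;            /* 0 once the module's code and data are gone */
};

typedef int (*cmd_func_t)(void);

struct command {
    const char *name;
    cmd_func_t func;       /* points into the owner's code */
    struct module *owner;
    struct command *next;
};

static struct command *registry;

struct command *register_command(struct module *owner, const char *name, cmd_func_t func)
{
    struct command *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->name = name; c->func = func; c->owner = owner;
    c->next = registry; registry = c;
    return c;
}

void unregister_command(struct command *cmd)
{
    struct command **p;
    for (p = &registry; *p; p = &(*p)->next) {
        if (*p == cmd) { *p = cmd->next; free(cmd); return; }
    }
}

/* Number of registry entries still pointing at a module. A module's fini
 * routine must leave this at zero before the module's memory is released. */
int stale_registrations(const struct module *m)
{
    int n = 0;
    for (struct command *c = registry; c; c = c->next)
        if (c->owner == m) n++;
    return n;
}

/* Guarded dispatcher: 1 = handler ran, 0 = unknown command,
 * -1 = handler belongs to an unloaded module (calling it would be a use-after-free). */
int dispatch_command(const char *name)
{
    for (struct command *c = registry; c; c = c->next) {
        if (strcmp(c->name, name) != 0) continue;
        if (!c->owner->loaded) return -1;
        c->func();
        return 1;
    }
    return 0;
}

static int normal_exit_handler(void) { return 0; }

/* Drop every entry owned by m; used only to reset the registry between demos. */
static void purge_registrations(struct module *m)
{
    struct command **p = &registry;
    while (*p) {
        if ((*p)->owner == m) { struct command *d = *p; *p = d->next; free(d); }
        else p = &(*p)->next;
    }
}

/* Lifecycle as described for CVE-2025-61664: init registers, fini never unregisters. */
int demo_missing_unregister(void)
{
    struct module normal = { "normal", 1 };
    (void)register_command(&normal, "normal_exit", normal_exit_handler);
    normal.loaded = 0;                       /* module unloaded, entry left behind */
    int r = dispatch_command("normal_exit"); /* -1: stale handler caught, not called */
    purge_registrations(&normal);
    return r;
}

/* Correct lifecycle: fini unregisters everything init registered. */
int demo_with_unregister(void)
{
    struct module normal = { "normal", 1 };
    struct command *c = register_command(&normal, "normal_exit", normal_exit_handler);
    int before = stale_registrations(&normal);  /* 1 while the module is loaded */
    unregister_command(c);
    int after = stale_registrations(&normal);   /* 0 after a correct fini */
    normal.loaded = 0;
    return before == 1 && after == 0 && dispatch_command("normal_exit") == 0;
}

int main(void)
{
    printf("missing unregister: dispatch after unload -> %d\n", demo_missing_unregister());
    printf("with unregister: %s\n", demo_with_unregister() ? "ok" : "FAIL");
    return 0;
}
```

The stale_registrations check is the one worth wiring into a module system's unload path: asserting that it returns zero at the end of every fini routine turns this kind of lifecycle omission into a failure at unload time rather than a dangling pointer discovered later.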
A newly assigned CVE — CVE-2025-61664 — exposes a robustness flaw in the GRUB2 bootloader’s normal module: the command handler for normal_exit is not unregistered when the module is unloaded, leaving a dangling command pointer that can be invoked later and produce a kernel-mode use-after-free...