Ctrl + K
/ news / CVE
CVEPublished 2025-11-18Modified 2026-05-190 articles on news6 live referencesNVD data

CVE-2025-54770

Vulnerability data via NVD (ingested)

CVSS v3.1
4.9
MEDIUM
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS percentile
4
Exploit Prediction Scoring System · top 96% of all CVEs
Weaknesses (CWE)
CWE-825Expired Pointer Dereference
Description

A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability

Timeline
Published 2025-11-18
Modified 2026-05-19

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2025-54770
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2025-54770
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-54770
Censys host search filtered to this CVE id.
grep.app
CVE-2025-54770
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-54770
GitHub code search for direct mentions.
Google dork
"CVE-2025-54770" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2025-54770 on GitHub.
We haven't classified any articles referencing CVE-2025-54770 yet. The external references above still apply.