QwikSec

Security Database

CVE

CWE

Training

CVE-2025-4002

Published: Apr 28, 2025

Modified: Apr 28, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A vulnerability was found in RefindPlusRepo RefindPlus 0.14.2.AB and classified as problematic. Affected by this issue is the function GetDebugLogFile of the file Library/MemLogLib/BootLog.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The patch is identified as d2143a1e2deefddd9b105fb7160763c4f8d47ea2. It is recommended to apply a patch to fix this issue.

Vendor	Product	Versions
RefindPlusRepo	RefindPlus	affected `0.14.2.AB`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

VDB-306338 | RefindPlusRepo RefindPlus BootLog.c GetDebugLogFile null pointer dereference

vdb-entry

technical-description

VDB-306338 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #558122 | RefindPlusRepo RefindPlus v0.14.2.AB Release NULL Pointer Dereference

third-party-advisory

https://github.com/RefindPlusRepo/RefindPlus/issues/204

issue-tracking

https://github.com/RefindPlusRepo/RefindPlus/issues/204#issuecomment-2696817643

issue-tracking

https://github.com/RefindPlusRepo/RefindPlus/commit/d2143a1e2deefddd9b105fb7160763c4f8d47ea2

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.