A vulnerability classified as critical was found in GNU grub2. Affected by this vulnerability is an unknown functionality of the component squash4. The manipulation leads to out-of-bounds write.

This vulnerability is known as CVE-2025-0678. Attacking locally is a requirement. There is no exploit available.