LeakyCreds

CVE-2026-25828 - Vulnerability Analysis

Medium | CVSS: 5.4

Last Updated: February 13, 2026

grub-btrfs - Command Injection

Published: February 12, 2026 | Updated: February 13, 2026 | PoC Available | Remote Exploitable

Overview

grub-btrfs through 2026-01-31 on Arch Linux and derivatives contains an OS command injection vulnerability caused by an unsanitized $root parameter in resolve_device(). It lets attackers execute arbitrary commands during initramfs; exploitation requires crafted $root input.

Severity & Score

Severity: Medium
CVSS Score: 5.4
EPSS Score: 167.2% (Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary OS commands during initramfs, potentially leading to full system compromise.

Mitigation

Update grub-btrfs to a version released after 2026-01-31 or apply patches that sanitize the $root parameter.

Social Media Activity (2 posts)

ZEN SecDB (@secdb), Feb 16, 2026

📈 CVE Published in last 7 days (2026-02-09 - 2026-02-16)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1259

Severity:
- Critical: 81
- High: 363
- Medium: 490
- Low: 75
- None: 250

Status:
- : 17
- Analyzed: 306
- Awaiting Analysis: 571
- Modified: 18
- Received: 186
- Rejected: 108
- Undergoing Analysis: 53

Top CNAs:
- GitHub, Inc.: 146
- VulnCheck: 110
- kernel.org: 110
- Wordfence: 101
- Intel Corporation: 84
- Apple Inc.: 75
- MITRE: 61
- Microsoft Corporation: 54
- Fortinet, Inc.: 52
- QNAP Systems, Inc.: 49

Top Affected Products:
- UNKNOWN: 914
- Apple Macos: 55
- Apple Iphone Os: 41
- Apple Ipados: 41
- Microsoft Windows Server 2025: 29
- Qnap Qsync Central: 28
- Microsoft Windows Server 2022 23h2: 28
- Microsoft Windows 11 24h2: 27
- Microsoft Windows Server 2022: 27
- Microsoft Windows 11 25h2: 26

Top EPSS Score:
- CVE-2026-21510 - 5.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21510)
- CVE-2026-21513 - 3.77 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21513)
- CVE-2026-21519 - 3.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21519)
- CVE-2026-21525 - 2.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21525)
- CVE-2026-21514 - 2.47 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21514)
- CVE-2026-21533 - 2.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21533)
- CVE-2026-25828 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25828)
- CVE-2026-25892 - 0.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25892)
- CVE-2026-26068 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26068)
- CVE-2026-26221 - 0.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26221)


Details

CVE ID: CVE-2026-25828
Severity: Medium
CVSS Score: 5.4
Type: command_injection
Status: unconfirmed
EPSS: 167.2%
Social Posts: 2

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Score

167.2% (Probability of exploitation in the next 30 days)