All the vulnerabilities related to Google - ChromeOS
cve-2025-1292
Vulnerability from cvelistv5
Published
2025-04-15 19:46
Modified
2025-04-17 19:41
Summary
TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-1292", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-15T20:23:49.533926Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-17T19:41:04.480Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ChromeOS", "vendor": "Google", "versions": [ { "status": "affected", "version": "122.0.6261.132", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds Write", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-15T19:46:26.679Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/324336238" }, { "url": "https://issues.chromium.org/issues/b/324336238" } ], "title": "TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS" } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-1292", "datePublished": "2025-04-15T19:46:26.679Z", "dateReserved": "2025-02-13T23:38:13.495Z", "dateUpdated": "2025-04-17T19:41:04.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-1290
Vulnerability from cvelistv5
Published
2025-04-17 00:13
Modified
2025-05-08 19:15
Summary
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-1290", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-17T13:25:56.436790Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-17T13:26:51.654Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "15474.84.0", "status": "affected", "version": "15474.84.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Use-After-Free (UAF)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:07.309Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/301886931" }, { "url": "https://issues.chromium.org/issues/b/301886931" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-1290", "datePublished": "2025-04-17T00:13:35.225Z", "dateReserved": "2025-02-13T22:19:47.467Z", "dateUpdated": "2025-05-08T19:15:07.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-1121
Vulnerability from cvelistv5
Published
2025-03-06 23:49
Modified
2025-05-08 19:15
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-1121", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-07T19:38:04.878602Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-07T19:39:15.501Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://issuetracker.google.com/issues/336153054" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "15786.48.2", "status": "affected", "version": "15786.48.2", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Code execution and \nPrivilege Escalation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:05.506Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/336153054" }, { "url": "https://issues.chromium.org/issues/b/336153054" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-1121", "datePublished": "2025-03-06T23:49:03.219Z", "dateReserved": "2025-02-07T18:26:21.569Z", "dateUpdated": "2025-05-08T19:15:05.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-1122
Vulnerability from cvelistv5
Published
2025-04-15 19:51
Modified
2025-05-08 19:15
Summary
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-1122", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-15T20:43:27.223049Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-17T19:40:55.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "15753.50.0", "status": "affected", "version": "15753.50.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nBypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds Write", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:05.948Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/324336238" }, { "url": "https://issues.chromium.org/issues/b/324336238" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-1122", "datePublished": "2025-04-15T19:51:23.127Z", "dateReserved": "2025-02-07T18:38:22.520Z", "dateUpdated": "2025-05-08T19:15:05.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-1566
Vulnerability from cvelistv5
Published
2025-04-16 23:06
Modified
2025-05-08 19:15
Summary
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-1566", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-17T13:32:48.693962Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1319", "description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T19:45:29.043Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "16002.23.0", "status": "affected", "version": "16002.23.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Network Security Isolation (NSI)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:06.169Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/342802975" }, { "url": "https://issues.chromium.org/issues/b/342802975" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-1566", "datePublished": "2025-04-16T23:06:27.847Z", "dateReserved": "2025-02-21T21:30:53.937Z", "dateUpdated": "2025-05-08T19:15:06.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-2509
Vulnerability from cvelistv5
Published
2025-05-06 00:59
Modified
2025-05-08 19:15
Summary
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-2509", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T03:55:46.167Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "16093.57.0", "status": "affected", "version": "16093.57.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to \nVM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Memory Corruption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:07.601Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/385851796" }, { "url": "https://issues.chromium.org/issues/b/385851796" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-2509", "datePublished": "2025-05-06T00:59:32.231Z", "dateReserved": "2025-03-18T20:10:07.777Z", "dateUpdated": "2025-05-08T19:15:07.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-1704
Vulnerability from cvelistv5
Published
2025-04-16 23:06
Modified
2025-05-08 19:15
Summary
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-1704", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-17T15:48:23.843965Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T19:45:03.703Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "15823.23.0", "status": "affected", "version": "15823.23.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Use-After-Free (UAF)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:06.471Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/359915523" }, { "url": "https://issues.chromium.org/issues/b/359915523" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-1704", "datePublished": "2025-04-16T23:06:28.279Z", "dateReserved": "2025-02-25T23:19:38.958Z", "dateUpdated": "2025-05-08T19:15:06.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-2073
Vulnerability from cvelistv5
Published
2025-04-16 23:06
Modified
2025-05-08 19:15
Summary
Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-2073", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-17T15:47:09.192243Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T19:44:40.784Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0", "status": "affected", "version": "Kernal version 6.1, 5.15. 5.10, 4.19\nchromeOS version 16093.103.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure" } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-Bounds Read", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:06.866Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/380043638" }, { "url": "https://issues.chromium.org/issues/b/380043638" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-2073", "datePublished": "2025-04-16T23:06:28.608Z", "dateReserved": "2025-03-06T20:11:52.646Z", "dateUpdated": "2025-05-08T19:15:06.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-1568
Vulnerability from cvelistv5
Published
2025-04-16 23:06
Modified
2025-05-08 19:15
Summary
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-1568", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-17T15:46:13.539057Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T19:44:08.491Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ChromeOS", "vendor": "Google", "versions": [ { "lessThan": "16063.87.0", "status": "affected", "version": "16063.87.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit\u0027s project.config." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-08T19:15:07.092Z", "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS" }, "references": [ { "url": "https://issuetracker.google.com/issues/374279912" }, { "url": "https://issues.chromium.org/issues/b/374279912" } ] } }, "cveMetadata": { "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "assignerShortName": "ChromeOS", "cveId": "CVE-2025-1568", "datePublished": "2025-04-16T23:06:28.902Z", "dateReserved": "2025-02-21T22:33:59.174Z", "dateUpdated": "2025-05-08T19:15:07.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }