CVE-2025-1566 (GCVE-0-2025-1566)
Vulnerability from
Published
2025-04-16 23:06
Modified
2025-05-08 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Network Security Isolation (NSI)
Summary
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:32:48.693962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1319",
"description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:45:29.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "16002.23.0",
"status": "affected",
"version": "16002.23.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Network Security Isolation (NSI)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.169Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/342802975"
},
{
"url": "https://issues.chromium.org/issues/b/342802975"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1566",
"datePublished": "2025-04-16T23:06:27.847Z",
"dateReserved": "2025-02-21T21:30:53.937Z",
"dateUpdated": "2025-05-08T19:15:06.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6177 (GCVE-0-2025-6177)
Vulnerability from
Published
2025-06-16 16:43
Modified
2025-06-17 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6177",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T03:55:13.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16063.45.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:43:44.191Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/382540412"
},
{
"url": "https://issues.chromium.org/issues/b/382540412"
}
],
"title": "ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked"
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-6177",
"datePublished": "2025-06-16T16:43:44.191Z",
"dateReserved": "2025-06-16T16:30:47.684Z",
"dateUpdated": "2025-06-17T03:55:13.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1290 (GCVE-0-2025-1290)
Vulnerability from
Published
2025-04-17 00:13
Modified
2025-05-08 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use-After-Free (UAF)
Summary
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure
during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:25:56.436790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:26:51.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15474.84.0",
"status": "affected",
"version": "15474.84.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure \nduring an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free (UAF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:07.309Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/301886931"
},
{
"url": "https://issues.chromium.org/issues/b/301886931"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1290",
"datePublished": "2025-04-17T00:13:35.225Z",
"dateReserved": "2025-02-13T22:19:47.467Z",
"dateUpdated": "2025-05-08T19:15:07.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1704 (GCVE-0-2025-1704)
Vulnerability from
Published
2025-04-16 23:06
Modified
2025-05-08 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use-After-Free (UAF)
Summary
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices
and intercept device management requests via loading components from the unencrypted stateful partition.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T15:48:23.843965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:45:03.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15823.23.0",
"status": "affected",
"version": "15823.23.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices \nand intercept device management requests via loading components from the unencrypted stateful partition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free (UAF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:06.471Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/359915523"
},
{
"url": "https://issues.chromium.org/issues/b/359915523"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1704",
"datePublished": "2025-04-16T23:06:28.279Z",
"dateReserved": "2025-02-25T23:19:38.958Z",
"dateUpdated": "2025-05-08T19:15:06.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1121 (GCVE-0-2025-1121)
Vulnerability from
Published
2025-03-06 23:49
Modified
2025-05-08 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Code execution and Privilege Escalation
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code
execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-1121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:38:04.878602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:39:15.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://issuetracker.google.com/issues/336153054"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ChromeOS",
"vendor": "Google",
"versions": [
{
"lessThan": "15786.48.2",
"status": "affected",
"version": "15786.48.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution and \nPrivilege Escalation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:15:05.506Z",
"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"shortName": "ChromeOS"
},
"references": [
{
"url": "https://issuetracker.google.com/issues/336153054"
},
{
"url": "https://issues.chromium.org/issues/b/336153054"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"assignerShortName": "ChromeOS",
"cveId": "CVE-2025-1121",
"datePublished": "2025-03-06T23:49:03.219Z",
"dateReserved": "2025-02-07T18:26:21.569Z",
"dateUpdated": "2025-05-08T19:15:05.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 11 - 15 organizations in total 15