CVE-2025-1121 (GCVE-0-2025-1121)
Vulnerability from cvelistv5
Published
2025-03-06 23:49
Modified
2025-05-08 19:15
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • Code execution and Privilege Escalation
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
References
7f6e188d-c52a-4a19-8674-3c3fa7d1fc7fhttps://issues.chromium.org/issues/b/336153054Issue Tracking, Vendor Advisory, Broken Link
7f6e188d-c52a-4a19-8674-3c3fa7d1fc7fhttps://issuetracker.google.com/issues/336153054Issue Tracking, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://issuetracker.google.com/issues/336153054Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
Google ChromeOS Version: 15786.48.2   < 15786.48.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1121",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T19:38:04.878602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T19:39:15.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://issuetracker.google.com/issues/336153054"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ChromeOS",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "15786.48.2",
              "status": "affected",
              "version": "15786.48.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code execution and \nPrivilege Escalation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T19:15:05.506Z",
        "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "shortName": "ChromeOS"
      },
      "references": [
        {
          "url": "https://issuetracker.google.com/issues/336153054"
        },
        {
          "url": "https://issues.chromium.org/issues/b/336153054"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
    "assignerShortName": "ChromeOS",
    "cveId": "CVE-2025-1121",
    "datePublished": "2025-03-06T23:49:03.219Z",
    "dateReserved": "2025-02-07T18:26:21.569Z",
    "dateUpdated": "2025-05-08T19:15:05.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-1121\",\"sourceIdentifier\":\"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\",\"published\":\"2025-03-07T00:15:34.360\",\"lastModified\":\"2025-07-21T16:57:28.230\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \\nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.\"},{\"lang\":\"es\",\"value\":\"La escalada de privilegios en la gesti\u00f3n de im\u00e1genes de instalaci\u00f3n y recuperaci\u00f3n en Google ChromeOS 123.0.6312.112 en el dispositivo permite que un atacante con acceso f\u00edsico obtenga la ejecuci\u00f3n del c\u00f3digo ra\u00edz y potencialmente cancele la inscripci\u00f3n de dispositivos administrados por la empresa a trav\u00e9s de una imagen de recuperaci\u00f3n especialmente manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:chrome_os:15786.48.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D681E31E-CF4E-4853-9837-77B14FF419E8\"}]}]}],\"references\":[{\"url\":\"https://issues.chromium.org/issues/b/336153054\",\"source\":\"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"https://issuetracker.google.com/issues/336153054\",\"source\":\"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://issuetracker.google.com/issues/336153054\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-07T19:38:04.878602Z\"}}}], \"references\": [{\"url\": \"https://issuetracker.google.com/issues/336153054\", \"tags\": [\"exploit\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-07T19:38:47.936Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"ChromeOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"15786.48.2\", \"lessThan\": \"15786.48.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://issuetracker.google.com/issues/336153054\"}, {\"url\": \"https://issues.chromium.org/issues/b/336153054\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \\nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Code execution and \\nPrivilege Escalation\"}]}], \"providerMetadata\": {\"orgId\": \"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\", \"shortName\": \"ChromeOS\", \"dateUpdated\": \"2025-05-08T19:15:05.506Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-1121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T19:15:05.506Z\", \"dateReserved\": \"2025-02-07T18:26:21.569Z\", \"assignerOrgId\": \"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\", \"datePublished\": \"2025-03-06T23:49:03.219Z\", \"assignerShortName\": \"ChromeOS\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.