fkie_cve-2025-1121
Vulnerability from fkie_nvd
Published
2025-03-07 00:15
Modified
2025-07-21 16:57
Severity ?
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code
execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
References
| URL | Tags | ||
|---|---|---|---|
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issues.chromium.org/issues/b/336153054 | Issue Tracking, Vendor Advisory, Broken Link | |
| 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f | https://issuetracker.google.com/issues/336153054 | Issue Tracking, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://issuetracker.google.com/issues/336153054 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:chrome_os:15786.48.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D681E31E-CF4E-4853-9837-77B14FF419E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
},
{
"lang": "es",
"value": "La escalada de privilegios en la gesti\u00f3n de im\u00e1genes de instalaci\u00f3n y recuperaci\u00f3n en Google ChromeOS 123.0.6312.112 en el dispositivo permite que un atacante con acceso f\u00edsico obtenga la ejecuci\u00f3n del c\u00f3digo ra\u00edz y potencialmente cancele la inscripci\u00f3n de dispositivos administrados por la empresa a trav\u00e9s de una imagen de recuperaci\u00f3n especialmente manipulada."
}
],
"id": "CVE-2025-1121",
"lastModified": "2025-07-21T16:57:28.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-07T00:15:34.360",
"references": [
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Issue Tracking",
"Vendor Advisory",
"Broken Link"
],
"url": "https://issues.chromium.org/issues/b/336153054"
},
{
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issuetracker.google.com/issues/336153054"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://issuetracker.google.com/issues/336153054"
}
],
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…