CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

Configurations

No configuration.

History

06 May 2025, 01:15

Type Values Removed Values Added
Summary
  • (es) La escalada de privilegios en la gestión de imágenes de instalación y recuperación en Google ChromeOS 123.0.6312.112 en el dispositivo permite que un atacante con acceso físico obtenga la ejecución del código raíz y potencialmente cancele la inscripción de dispositivos administrados por la empresa a través de una imagen de recuperación especialmente manipulada.
Summary (en) Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image. (en) Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
References
  • () https://issues.chromium.org/issues/b/336153054 -

07 Mar 2025, 20:15

Type Values Removed Values Added
References () https://issuetracker.google.com/issues/336153054 - () https://issuetracker.google.com/issues/336153054 -
CWE CWE-269
Summary (en) Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image. (en) Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 6.8

07 Mar 2025, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://issues.chromium.org/issues/b/336153054', 'source': '7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f'}
  • () https://issuetracker.google.com/issues/336153054 -

07 Mar 2025, 02:15

Type Values Removed Values Added
References
  • {'url': 'https://issuetracker.google.com/issues/336153054', 'source': '7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f'}

07 Mar 2025, 01:15

Type Values Removed Values Added
Summary (en) Test CVE description (en) Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

07 Mar 2025, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-07 00:15

Updated : 2025-05-06 01:15


NVD link : CVE-2025-1121

Mitre link : CVE-2025-1121

CVE.ORG link : CVE-2025-1121



Products Affected

No product.

CWE
CWE-269

Improper Privilege Management