CVE-2025-1566

{"id": "CVE-2025-1566", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-16T23:15:44.767", "references": [{"url": "https://issues.chromium.org/issues/b/342802975", "tags": ["Broken Link"], "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}, {"url": "https://issuetracker.google.com/issues/342802975", "tags": ["Issue Tracking", "Mailing List"], "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1319"}]}], "descriptions": [{"lang": "en", "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."}, {"lang": "es", "value": "Una fuga de DNS en el sistema VPN nativo del canal de desarrollo de Google ChromeOS en ChromeOS 129.0.6668.36 permite que los observadores de la red expongan consultas DNS de texto simple debido a una falla en la tunelizaci\u00f3n adecuada del tr\u00e1fico DNS durante las transiciones de estado de VPN."}], "lastModified": "2025-07-08T18:08:30.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:16002.23.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91F38647-41B2-4175-B80D-FF0F05BC9364"}], "operator": "OR"}]}], "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}