CVE-2025-6044

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6044
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://issues.chromium.org/issues/b/421184743 Broken Link
https://issuetracker.google.com/issues/421184743 Permissions Required
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:chrome_os:16238.64.0:*:*:*:*:*:*:*
History

03 Oct 2025, 15:54

Type Values Removed Values Added
First Time Google
Google chrome Os
CPE cpe:2.3:o:google:chrome_os:16238.64.0:*:*:*:*:*:*:*
References () https://issues.chromium.org/issues/b/421184743 - () https://issues.chromium.org/issues/b/421184743 - Broken Link
References () https://issuetracker.google.com/issues/421184743 - () https://issuetracker.google.com/issues/421184743 - Permissions Required

09 Jul 2025, 19:15

Type Values Removed Values Added
Summary (en) An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on Lenovo devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature. (en) An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

08 Jul 2025, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
CWE CWE-287

08 Jul 2025, 16:18

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de control de acceso inadecuado en el componente Stylus Tools de Google ChromeOS versión 16238.64.0 en dispositivos Lenovo permite a un atacante físico eludir la pantalla de bloqueo y acceder a los archivos del usuario quitando el lápiz mientras el dispositivo está cerrado y usando la función de captura de pantalla.

07 Jul 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-07 19:15

Updated : 2025-10-03 15:54

NVD link : CVE-2025-6044

Mitre link : CVE-2025-6044

CVE.ORG link : CVE-2025-6044

JSON object : View

Products Affected

google

  • chrome_os
CWE
CWE-287

Improper Authentication