CVE-2025-1121 (GCVE-0-2025-1121)

Vulnerability from cvelistv5 – Published: 2025-03-06 23:49 – Updated: 2025-05-08 19:15
VLAI?
Summary
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
Severity ?
6.8 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • Code execution and Privilege Escalation
Assigner
References
Impacted products
Vendor Product Version
Google ChromeOS Affected: 15786.48.2 , < 15786.48.2 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-1121",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T19:38:04.878602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T19:39:15.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://issuetracker.google.com/issues/336153054"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ChromeOS",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "15786.48.2",
              "status": "affected",
              "version": "15786.48.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code execution and \nPrivilege Escalation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T19:15:05.506Z",
        "orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
        "shortName": "ChromeOS"
      },
      "references": [
        {
          "url": "https://issuetracker.google.com/issues/336153054"
        },
        {
          "url": "https://issues.chromium.org/issues/b/336153054"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
    "assignerShortName": "ChromeOS",
    "cveId": "CVE-2025-1121",
    "datePublished": "2025-03-06T23:49:03.219Z",
    "dateReserved": "2025-02-07T18:26:21.569Z",
    "dateUpdated": "2025-05-08T19:15:05.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-1121\",\"sourceIdentifier\":\"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\",\"published\":\"2025-03-07T00:15:34.360\",\"lastModified\":\"2025-07-21T16:57:28.230\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \\nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.\"},{\"lang\":\"es\",\"value\":\"La escalada de privilegios en la gesti\u00f3n de im\u00e1genes de instalaci\u00f3n y recuperaci\u00f3n en Google ChromeOS 123.0.6312.112 en el dispositivo permite que un atacante con acceso f\u00edsico obtenga la ejecuci\u00f3n del c\u00f3digo ra\u00edz y potencialmente cancele la inscripci\u00f3n de dispositivos administrados por la empresa a trav\u00e9s de una imagen de recuperaci\u00f3n especialmente manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:chrome_os:15786.48.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D681E31E-CF4E-4853-9837-77B14FF419E8\"}]}]}],\"references\":[{\"url\":\"https://issues.chromium.org/issues/b/336153054\",\"source\":\"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"https://issuetracker.google.com/issues/336153054\",\"source\":\"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://issuetracker.google.com/issues/336153054\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-07T19:38:04.878602Z\"}}}], \"references\": [{\"url\": \"https://issuetracker.google.com/issues/336153054\", \"tags\": [\"exploit\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-07T19:38:47.936Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"ChromeOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"15786.48.2\", \"lessThan\": \"15786.48.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://issuetracker.google.com/issues/336153054\"}, {\"url\": \"https://issues.chromium.org/issues/b/336153054\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code \\nexecution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Code execution and \\nPrivilege Escalation\"}]}], \"providerMetadata\": {\"orgId\": \"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\", \"shortName\": \"ChromeOS\", \"dateUpdated\": \"2025-05-08T19:15:05.506Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-1121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T19:15:05.506Z\", \"dateReserved\": \"2025-02-07T18:26:21.569Z\", \"assignerOrgId\": \"7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f\", \"datePublished\": \"2025-03-06T23:49:03.219Z\", \"assignerShortName\": \"ChromeOS\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.