Severity
6.8 MEDIUM
EPSS
0.0%
top 99.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 7
Latest update Oct 28

Description

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages
2 packages

CVEListV5 | google/chromeos | 15786.48.2 | 15786.48.2
NVD | google/chrome_os | 15786.48.0

🔴 Vulnerability Details

3
GHSA
ImageMagick has Integer Overflow in BMP Decoder (ReadBMP) (2025-10-28)
CVEList
CVE-2025-1121: Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786 (2025-03-06)
OSV
CVE-2025-21630: In the Linux kernel, the following vulnerability has been resolved: io_uring/net: always initialize kmsg->msg (2025-01-15)