CVE-2025-1566

CWE-13194 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 0.1% (top 67.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 16 | Latest update Apr 17

Description

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | google/chromeos | 16002.23.0 | 16002.23.0
NVD | google/chrome_os | 16002.23.0

🔴 Vulnerability Details (2)

GHSA | GHSA-gm22-hqvw-7j52: DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129 | 2025-04-17
CVEList | CVE-2025-1566: DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002 | 2025-04-16

📋 Vendor Advisories (1)

Chrome | Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-1566 | 2025-02-21