Severity: 8.8 HIGH
EPSS: 0.8% (top 26.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 16 | Latest update Apr 17

Description

An access control vulnerability in the Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve remote code execution and denial of service by editing trusted pipelines, due to insufficient access controls and misconfigurations in Gerrit's project.config.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | google/chromeos | 16063.87.0 | 16063.87.0
NVD | google/chrome_os | 16063.87.0

Vulnerability Details (2)

GHSA | GHSA-h4fr-qhv5-6jfq: Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131 | 2025-04-17
CVEList | CVE-2025-1568: Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063 | 2025-04-16