CVE-2025-6044

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.0%

top 97.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chromeos Google Chrome OS

Timeline

PublishedJul 7

Latest updateJul 23

Description

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5google/chromeos16238.64.0 — 16238.64.0

▶NVDgoogle/chrome_os16238.64.0

🔴Vulnerability Details

GHSA

GHSA-p4mw-xc4p-683j: An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238↗2025-07-07

▶

CVEList

CVE-2025-6044: An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238↗2025-07-07

▶

📋Vendor Advisories

Chrome

Stable Chanel Update for ChromeOS / ChromeOS-Flex: CVE-2025-6044↗2025-07-23

▶