CVE-2025-1566

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://issues.chromium.org/issues/b/342802975	Broken Link
https://issuetracker.google.com/issues/342802975	Issue Tracking Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:chrome_os:16002.23.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-16 23:15

Updated : 2025-07-08 18:08

NVD link : CVE-2025-1566

Mitre link : CVE-2025-1566

CVE.ORG link : CVE-2025-1566

JSON object : View

Products Affected

google

chrome_os

CWE

CWE-1319

Improper Protection against Electromagnetic Fault Injection (EM-FI)

7.5 /10