CVE-2025-1568

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://issues.chromium.org/issues/b/374279912	Broken Link
https://issuetracker.google.com/issues/374279912	Issue Tracking Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-16 23:15

Updated : 2025-07-08 18:07

NVD link : CVE-2025-1568

Mitre link : CVE-2025-1568

CVE.ORG link : CVE-2025-1568

JSON object : View

Products Affected

google

chrome_os

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-1568", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-04-16T23:15:44.853", "references": [{"url": "https://issues.chromium.org/issues/b/374279912", "tags": ["Broken Link"], "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}, {"url": "https://issuetracker.google.com/issues/374279912", "tags": ["Issue Tracking", "Mailing List"], "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config."}, {"lang": "es", "value": "Vulnerabilidad de control de acceso en la configuraci\u00f3n del proyecto Gerrit chromiumos en Google ChromeOS 131.0.6778.268 permite a un atacante con una cuenta Gerrit registrada inyectar c\u00f3digo malicioso en proyectos de ChromeOS y potencialmente lograr la ejecuci\u00f3n remota de c\u00f3digo y la denegaci\u00f3n de servicio mediante la edici\u00f3n de canalizaciones confiables mediante controles de acceso insuficientes y configuraciones err\u00f3neas en project.config de Gerrit."}], "lastModified": "2025-07-08T18:07:07.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46EA713-D124-442D-B0A0-93EAC016D8B0"}], "operator": "OR"}]}], "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}