6.7

CVE-2025-1292

Exploit

EPSS 0.03%
Veröffentlicht 15.04.2025 19:46:26
Zuletzt bearbeitet 06.10.2025 16:55:26
Quelle 7f6e188d-c52a-4a19-8674-3c3fa7
CVE-Watchlists
Login
Unerledigt
Login

TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132  stable on Cr50 Boards allows an attacker with root access to gain persistence and 
bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version122.0.6261.132

Google ≫ Chrome Os Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://issuetracker.google.com/issues/324336238

Exploit

Issue Tracking

https://issues.chromium.org/issues/b/324336238

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2025-1292

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1292

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1292

EUVD