6.7

CVE-2025-1292

Exploit

EPSS 0.01%
Published 15.04.2025 19:46:26
Last modified 06.10.2025 16:55:26
Source 7f6e188d-c52a-4a19-8674-3c3fa7
Teams watchlist Login
Open Login

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132  stable on Cr50 Boards allows an attacker with root access to gain persistence and 
bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version122.0.6261.132

Google ≫ Chrome Os Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://issuetracker.google.com/issues/324336238

Exploit

Issue Tracking

https://issues.chromium.org/issues/b/324336238

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2025-1292

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1292

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1292

EUVD