CVE-2025-1292

6.7 MEDIUM
Published: April 15, 2025 Modified: October 06, 2025

Description

Out-of-bounds write in the TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 boards allows an attacker with root access to gain persistence and bypass operating system verification by exploiting the NV_Read functionality during the challenge-response process.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

https://issues.chromium.org/issues/b/324336238
Source: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
Broken Link
https://issuetracker.google.com/issues/324336238
Source: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
Exploit Issue Tracking

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.7 / 10.0
EPSS (Exploit Probability)
0.0%
1st percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

google