CVE-2025-1568

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1568
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://issues.chromium.org/issues/b/374279912 Broken Link
https://issuetracker.google.com/issues/374279912 Issue Tracking Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*
History

08 Jul 2025, 18:07

Type Values Removed Values Added
References () https://issues.chromium.org/issues/b/374279912 - () https://issues.chromium.org/issues/b/374279912 - Broken Link
References () https://issuetracker.google.com/issues/374279912 - () https://issuetracker.google.com/issues/374279912 - Issue Tracking, Mailing List
First Time Google chrome Os
Google
CPE cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*
Summary
  • (es) Vulnerabilidad de control de acceso en la configuración del proyecto Gerrit chromiumos en Google ChromeOS 131.0.6778.268 permite a un atacante con una cuenta Gerrit registrada inyectar código malicioso en proyectos de ChromeOS y potencialmente lograr la ejecución remota de código y la denegación de servicio mediante la edición de canalizaciones confiables mediante controles de acceso insuficientes y configuraciones erróneas en project.config de Gerrit.
Summary (en) Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config. (en) Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

17 Apr 2025, 16:15

Type Values Removed Values Added
CWE CWE-94 CWE-284
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 8.8

17 Apr 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-94

16 Apr 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 23:15

Updated : 2025-07-08 18:07

NVD link : CVE-2025-1568

Mitre link : CVE-2025-1568

CVE.ORG link : CVE-2025-1568

JSON object : View

Products Affected

google

  • chrome_os
CWE
CWE-284

Improper Access Control