CVE-2025-6177

Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://issues.chromium.org/issues/b/382540412	Broken Link
https://issuetracker.google.com/issues/382540412	Issue Tracking Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:chrome_os:16063.45.2:*:*:*:*:*:*:*

History

02 Jul 2025, 18:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-16 17:15

Updated : 2025-07-02 18:26

NVD link : CVE-2025-6177

Mitre link : CVE-2025-6177

CVE.ORG link : CVE-2025-6177

JSON object : View

Products Affected

google

chrome_os

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2025-6177", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}]}, "published": "2025-06-16T17:15:31.813", "references": [{"url": "https://issues.chromium.org/issues/b/382540412", "tags": ["Broken Link"], "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}, {"url": "https://issuetracker.google.com/issues/382540412", "tags": ["Issue Tracking", "Mailing List"], "source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP)."}, {"lang": "es", "value": "La escalada de privilegios en MiniOS en Google ChromeOS (16063.45.2 y potencialmente otros) en dispositivos registrados permite a un atacante local obtener la ejecuci\u00f3n del c\u00f3digo root mediante la explotaci\u00f3n de un shell de depuraci\u00f3n (consola VT3) accesible a trav\u00e9s de combinaciones de teclas espec\u00edficas durante la entrada al modo de desarrollador y el acceso a MiniOS, incluso cuando el modo de desarrollador est\u00e1 bloqueado por la pol\u00edtica del dispositivo o Firmware Write Protect (FWMP)."}], "lastModified": "2025-07-02T18:26:40.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:16063.45.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C2F47F3-3470-471B-81A4-84FDE3F7256D"}], "operator": "OR"}]}], "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"}