CVE-2025-1568

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1568
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://issues.chromium.org/issues/b/374279912 Broken Link
https://issuetracker.google.com/issues/374279912 Issue Tracking Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*
History

08 Jul 2025, 18:07

Type Values Removed Values Added
First Time Google chrome Os
Google
CPE cpe:2.3:o:google:chrome_os:16063.87.0:*:*:*:*:*:*:*
References () https://issues.chromium.org/issues/b/374279912 - () https://issues.chromium.org/issues/b/374279912 - Broken Link
References () https://issuetracker.google.com/issues/374279912 - () https://issuetracker.google.com/issues/374279912 - Issue Tracking, Mailing List

08 May 2025, 20:15

Type Values Removed Values Added
Summary (en) or other security impacts via manipulating IPSET_ATTR_CIDR Netlink attribute without proper bounds checking on the modified IP address in bitmap_ip_uadt (en) Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

06 May 2025, 01:15

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de control de acceso en la configuración del proyecto Gerrit chromiumos en Google ChromeOS 131.0.6778.268 permite a un atacante con una cuenta Gerrit registrada inyectar código malicioso en proyectos de ChromeOS y potencialmente lograr la ejecución remota de código y la denegación de servicio mediante la edición de canalizaciones confiables mediante controles de acceso insuficientes y configuraciones erróneas en project.config de Gerrit.
Summary (en) Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config. (en) or other security impacts via manipulating IPSET_ATTR_CIDR Netlink attribute without proper bounds checking on the modified IP address in bitmap_ip_uadt

17 Apr 2025, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 8.8
CWE CWE-94 CWE-284

17 Apr 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-94

16 Apr 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 23:15

Updated : 2025-07-08 18:07

NVD link : CVE-2025-1568

Mitre link : CVE-2025-1568

CVE.ORG link : CVE-2025-1568

JSON object : View

Products Affected

google

  • chrome_os
CWE
CWE-284

Improper Access Control