Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

Published

2025-03-07T00:15:34.360

Last Modified

2025-07-21T16:57:28.230

Status

Analyzed

Source

7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	chrome_os	15786.48.0	Yes

References

https://issues.chromium.org/issues/b/336153054 Broken Link, Issue Tracking, Vendor Advisory (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/336153054 Issue Tracking, Vendor Advisory (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/336153054 Issue Tracking, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)