Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1292

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

Published

2025-04-15T20:15:38.410

Last Modified

2025-10-06T16:55:26.270

Status

Analyzed

Source

7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	chrome	122.0.6261.132	Yes
Operating System	google	chrome_os	-	No

References

https://issues.chromium.org/issues/b/324336238 Broken Link (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/324336238 Exploit, Issue Tracking (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)