Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1568

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

Published

2025-04-16T23:15:44.853

Last Modified

2025-07-08T18:07:07.210

Status

Analyzed

Source

7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	chrome_os	16063.87.0	Yes

References

https://issues.chromium.org/issues/b/374279912 Broken Link (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/374279912 Issue Tracking, Mailing List (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)