Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2509

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

Published

2025-05-06T01:15:50.563

Last Modified

2025-10-03T14:47:54.957

Status

Analyzed

Source

7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	chrome_os	16093.57.0	Yes

References

https://issues.chromium.org/issues/b/385851796 Broken Link (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/385851796 Exploit, Issue Tracking (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)