Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-6177

Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).

Published

2025-06-16T17:15:31.813

Last Modified

2025-07-02T18:26:40.590

Status

Analyzed

Source

7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses

Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	chrome_os	16063.45.2	Yes

References

https://issues.chromium.org/issues/b/382540412 Broken Link (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/382540412 Issue Tracking, Mailing List (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)