CVE Vulnerabilities

CVE-2025-1121

Improper Privilege Management

Published: Mar 07, 2025 | Modified: Jul 21, 2025
CVSS 3.x: N/A
Source: NVD

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name       Vendor   Start Version            End Version
Chrome_os  Google   15786.48.0 (including)   15786.48.0 (including)
