{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1292", "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "state": "PUBLISHED", "assignerShortName": "ChromeOS", "dateReserved": "2025-02-13T23:38:13.495Z", "datePublished": "2025-04-15T19:46:26.679Z", "dateUpdated": "2025-04-17T19:41:04.480Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "ChromeOS", "defaultStatus": "unaffected", "versions": [{"version": "122.0.6261.132", "status": "affected", "versionType": "custom"}]}], "title": "TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS", "descriptions": [{"lang": "en", "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS", "dateUpdated": "2025-04-15T19:46:26.679Z"}, "references": [{"url": "https://issuetracker.google.com/issues/324336238"}, {"url": "https://issues.chromium.org/issues/b/324336238"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T20:23:49.533926Z", "id": "CVE-2025-1292", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T19:41:04.480Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-1292", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-15T20:23:49.533926Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T20:24:24.463Z"}}], "cna": {"title": "TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS", "affected": [{"vendor": "Google", "product": "ChromeOS", "versions": [{"status": "affected", "version": "122.0.6261.132", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://issuetracker.google.com/issues/324336238"}, {"url": "https://issues.chromium.org/issues/b/324336238"}], "descriptions": [{"lang": "en", "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS", "dateUpdated": "2025-04-15T19:46:26.679Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1292", "state": "PUBLISHED", "dateUpdated": "2025-04-17T19:41:04.480Z", "dateReserved": "2025-02-13T23:38:13.495Z", "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "datePublished": "2025-04-15T19:46:26.679Z", "assignerShortName": "ChromeOS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:122.0.6261.132:*:*:*:*:*:*:*", "matchCriteriaId": "EDFC1E43-804F-419F-B8D5-861BAF5730A3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process."}, {"lang": "es", "value": "La escritura fuera de los l\u00edmites en TPM2 Reference Library in Google ChromeOS 122.0.6261.132 estable en placas Cr50 permite que un atacante con acceso de root obtenga persistencia y eluda la verificaci\u00f3n del sistema operativo mediante la explotaci\u00f3n de la funcionalidad NV_Read durante el proceso de desaf\u00edo-respuesta."}], "id": "CVE-2025-1292", "lastModified": "2025-10-06T16:55:26.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-15T20:15:38.410", "references": [{"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "tags": ["Broken Link"], "url": "https://issues.chromium.org/issues/b/324336238"}, {"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "tags": ["Exploit", "Issue Tracking"], "url": "https://issuetracker.google.com/issues/324336238"}], "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}