CVE-2025-1121

Summary

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeOS15786.48.2 < 15786.48.2affected

Weaknesses

  • Code execution and Privilege Escalation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References