CVE-2025-1566

Summary

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeOS16002.23.0 < 16002.23.0affected

Weaknesses

  • Network Security Isolation (NSI)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References