CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

CVSS

No CVSS.

References

Link	Resource
https://issues.chromium.org/issues/b/336153054	Issue Tracking Vendor Advisory Broken Link
https://issuetracker.google.com/issues/336153054	Issue Tracking Vendor Advisory
https://issuetracker.google.com/issues/336153054	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:chrome_os:15786.48.0:*:*:*:*:*:*:*

History

21 Jul 2025, 16:57

Type	Values Removed	Values Added
First Time		Google chrome Os Google
References	~~() https://issues.chromium.org/issues/b/336153054 -~~	() https://issues.chromium.org/issues/b/336153054 - Issue Tracking, Vendor Advisory, Broken Link
References	~~() https://issuetracker.google.com/issues/336153054 -~~	() https://issuetracker.google.com/issues/336153054 - Issue Tracking, Vendor Advisory
CPE		cpe:2.3:o:google:chrome_os:15786.48.0:::::::*

06 May 2025, 01:15

Type	Values Removed	Values Added
Summary	Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.	Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.
References		() https://issues.chromium.org/issues/b/336153054 -

07 Mar 2025, 20:15

Type	Values Removed	Values Added
Summary	Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.	Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

07 Mar 2025, 18:15

Type	Values Removed	Values Added
References	~~{'url': 'https://issues.chromium.org/issues/b/336153054', 'name': 'https://issues.chromium.org/issues/b/336153054', 'tags': [], 'refsource': ''}~~	() https://issuetracker.google.com/issues/336153054 -

07 Mar 2025, 02:15

Type	Values Removed	Values Added
References	~~{'url': 'https://issuetracker.google.com/issues/336153054', 'name': 'https://issuetracker.google.com/issues/336153054', 'tags': [], 'refsource': ''}~~
Summary	~~Test CVE description~~	Privilege escalation in Installer and Recovery image handling in Google ChromeOS 123.0.6312.112 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

07 Mar 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-07 00:15

Updated : 2025-07-21 16:57

NVD link : CVE-2025-1121

Mitre link : CVE-2025-1121

JSON object : View

Products Affected

google

chrome_os

CWE

No CWE.

JSON object

Attach tags to CVE-2025-1121

Attach tags to `CVE-2025-1121`