CVE-2025-1122

6.7 MEDIUM

📋 TL;DR

An out-of-bounds write vulnerability in the TPM2 reference library in ChromeOS allows attackers with root access to bypass operating system verification and gain persistence. This affects Google ChromeOS 15753.50.0 stable on Cr50 boards. The vulnerability is exploitable during the Challenge-Response process via NV_Read functionality.

💻 Affected Systems

Products:
  • Google ChromeOS
Versions: 15753.50.0 stable
Operating Systems: ChromeOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Cr50 boards. Requires attacker to already have root access.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains persistent root-level access, bypasses OS verification, and maintains control even after system reboots or updates.

🟠 Likely Case

Privileged attacker already with root access escalates persistence capabilities to survive OS verification checks.

🟢 If Mitigated

With proper access controls preventing root compromise, the vulnerability cannot be exploited.

🌐 Internet-Facing: LOW - Requires root access first, not directly exploitable from network.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or attackers who have already gained root access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires root access first, then specific knowledge of TPM2 Challenge-Response process.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ChromeOS updates beyond 15753.50.0

Vendor Advisory: https://issuetracker.google.com/issues/324336238

Restart Required: Yes

Instructions:

1. Open ChromeOS Settings
2. Navigate to About ChromeOS
3. Check for updates
4. Apply any available updates
5. Restart the device

🔧 Temporary Workarounds

Restrict root access (all platforms)

Implement strict access controls to prevent unauthorized root access

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for root account usage
  • Isolate affected devices from critical networks and monitor for suspicious TPM activity

🔍 How to Verify

Check if Vulnerable:

Check the ChromeOS version via Settings > About ChromeOS. If the version is 15753.50.0, the device is vulnerable.

Check Version:

grep CHROMEOS_RELEASE_VERSION /etc/lsb-release

Verify Fix Applied:

After the update, verify that the ChromeOS version is newer than 15753.50.0.
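As an added example (not from the advisory or from Google), the version check above as a script: it reads CHROMEOS_RELEASE_VERSION out of /etc/lsb-release text, compares it field by field against 15753.50.0 rather than as a string, and reports the status the advisory gives for each case. The sample lsb-release content is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a ChromeOS build against the
# affected version 15753.50.0 using numeric, field-by-field comparison.

AFFECTED_VERSION="15753.50.0"

# Constructed sample of /etc/lsb-release content so the script runs offline.
SAMPLE_LSB_RELEASE='CHROMEOS_RELEASE_NAME=Chrome OS
CHROMEOS_RELEASE_TRACK=stable-channel
CHROMEOS_RELEASE_VERSION=15753.50.0
CHROMEOS_RELEASE_BOARD=brya'

# Print the CHROMEOS_RELEASE_VERSION value from lsb-release text on stdin.
extract_version() {
    sed -n 's/^CHROMEOS_RELEASE_VERSION=//p' | head -n 1
}

# Compare two dotted versions numerically; prints -1, 0 or 1 for a<b, a==b, a>b.
# Missing trailing fields count as 0, so 15753.50 equals 15753.50.0.
compare_versions() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then printf '%s\n' -1; return; fi
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# Map the comparison onto what the advisory states: the affected build is
# vulnerable, anything newer is fixed, older builds are not covered here.
vulnerability_status() {
    case "$(compare_versions "$1" "$AFFECTED_VERSION")" in
        0)  echo "vulnerable" ;;
        1)  echo "fixed" ;;
        -1) echo "older than affected build: not covered by this advisory" ;;
    esac
}

# Run the check over lsb-release text; on a device pass "$(cat /etc/lsb-release)".
check_lsb_release_text() {
    v=$(printf '%s\n' "$1" | extract_version)
    [ -n "$v" ] || { echo "no CHROMEOS_RELEASE_VERSION found"; return 2; }
    vulnerability_status "$v"
}

check_lsb_release_text "$SAMPLE_LSB_RELEASE"
```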

📡 Detection & Monitoring

Log Indicators:

  • Unusual TPM2 NV_Read operations
  • Multiple failed OS verification attempts
  • Unexpected root access patterns

Network Indicators:

  • Unusual outbound connections from ChromeOS devices with root access

SIEM Query:

source="chromeos" AND (event="tpm_nv_read" OR event="os_verification_failure")
