CVE-2025-1121

Medium CVSS 6.8

Overview

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code
execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

CWE: CWE-269 Published: 2025-03-07T00:15:34.360

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.8 (MEDIUM)
Detected tags: priv_esc, rce (tag impact: VERY HIGH)

Recommended actions:

Fix privilege escalation urgently.
Enforce least-privilege and strengthen EDR detection.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags