Access Control Flaw in Google ChromeOS Gerrit Configuration
CVE-2025-1568

8.8 HIGH

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 16 April 2025

What is CVE-2025-1568?

CVE-2025-1568 is an access control vulnerability in the Gerrit configuration of Google ChromeOS, specifically in version 16063.87.0. The flaw arises from insufficient access controls and misconfigurations in the Gerrit project configuration files. An attacker with a registered Gerrit account can use it to inject malicious code into ChromeOS projects. Exploitation carries significant risk, including potential remote code execution, in which the attacker runs arbitrary code on affected systems. It may also result in a Denial of Service (DoS), compromising the availability of services and functionality critical to enterprises relying on ChromeOS.
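For teams running their own Gerrit, the following added example (not part of the original advisory and not ChromeOS's configuration) audits a project.config for write-level permissions granted to any registered account. The advisory does not say which rules were misconfigured, so the sample config, the list of risky permissions and the function name audit are assumptions made for illustration.

```python
import re

# Constructed sample project.config, for illustration only (not ChromeOS's).
SAMPLE = '''\
[access "refs/for/*"]
    push = group Registered Users
[access "refs/heads/*"]
    read = group Anonymous Users
    push = group Registered Users
    create = block group Registered Users
    label-Code-Review = -2..+2 group Registered Users
    label-Verified = -1..+1 group Registered Users
[access "refs/meta/config"]
    push = +force group Registered Users
'''

BROAD_GROUPS = {"Registered Users", "Anonymous Users"}
# Assumed list: permissions that change code or access rules without review.
WRITE_PERMS = {"push", "pushMerge", "submit", "owner", "create", "delete",
               "forgeCommitter"}
SECTION = re.compile(r'^\[access\s+"(.+)"\]$')
RULE = re.compile(r'^([\w-]+)\s*=\s*(.*?)\s*group\s+(.+)$')
VOTES = re.compile(r'([+-]?\d+)\.\.([+-]?\d+)')

def audit(config_text):
    """Return (ref, permission, group) for risky grants to broad groups."""
    findings, ref = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            ref = m.group(1) if m else None  # skip non-access sections
            continue
        m = RULE.match(line)
        # Uploading to refs/for/* only creates a change for review.
        if not m or ref is None or ref.startswith("refs/for/"):
            continue
        perm, modifier, group = m.groups()
        if group not in BROAD_GROUPS or modifier.split()[:1] in (["deny"], ["block"]):
            continue
        votes = VOTES.match(modifier)
        approves = perm == "label-Code-Review" and votes and int(votes.group(2)) >= 2
        if perm in WRITE_PERMS or approves:
            findings.append((ref, perm, group))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("risky grant:", finding)
```

Run it against the project.config checked out from each project's refs/meta/config branch, including All-Projects, since child projects inherit its rules.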

Potential impact of CVE-2025-1568

  1. Remote Code Execution: The vulnerability enables attackers to execute unauthorized code on the affected systems, which could lead to complete system compromise, data theft, or manipulation of critical system processes.

  2. Denial of Service: Exploitation could result in service outages, preventing legitimate users from accessing essential features and leading to operational disruptions for organizations.

  3. Integrity of Software Projects: With the ability to inject malicious code, the vulnerability threatens the integrity of software development processes and pipelines, which can undermine trust in software updates and overall security protocols.

Affected Version(s)

ChromeOS 16063.87.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
