CVE-2025-1568: Gerrit Access Control Vulnerability Allows Malicious Code Injection in ChromeOS
First published: Wed Apr 16 2025(Updated: )
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.
Credit: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1568?
CVE-2025-1568 is classified with a high severity due to its potential to allow remote code execution and denial of service.
How do I fix CVE-2025-1568?
To fix CVE-2025-1568, ensure that your Google ChromeOS is updated to the latest version released by Google.
Who is affected by CVE-2025-1568?
CVE-2025-1568 affects users of Google ChromeOS, specifically those using version 131.0.6778.268.
What type of vulnerability is CVE-2025-1568?
CVE-2025-1568 is an access control vulnerability that allows an attacker to exploit the Gerrit project configuration.
Can CVE-2025-1568 lead to remote code execution?
Yes, CVE-2025-1568 can potentially allow an attacker to perform remote code execution on affected systems.
- agent/title
- agent/type
- agent/first-publish-date
- agent/references
- agent/description
- agent/softwarecombine
- agent/author
- agent/source
- agent/event
- agent/tags
- agent/weakness
- agent/severity
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- vendor/google