CVE-2025-1122

EUVD-2025-10991
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0  stable on Cr50 Boards allows an attacker with root access to gain persistence and 
Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
googlechrome
122.0.6261.132
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://issues.chromium.org/issues/b/324336238
https://issuetracker.google.com/issues/324336238