CVE-2025-1292

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132  stable on Cr50 Boards allows an attacker with root access to gain persistence and 
bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ChromeOSCNA
---
---
CISA-ADPADP
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://issues.chromium.org/issues/b/324336238
https://issuetracker.google.com/issues/324336238