CVE-2025-5419 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Chrome	CNA	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
google	chrome	𝑥 < 137.0.7151.68
microsoft	edge_chromium	𝑥 < 137.0.3296.62

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

chromium

bullseye (security)	vulnerable
bullseye	vulnerable
bookworm	vulnerable
bookworm (security)	138.0.7204.157-1~deb12u1 fixed
trixie	138.0.7204.92-1 fixed
sid	138.0.7204.157-1 fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[ENGLISH] Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components. "Insufficient validation of untrusted input in ANGLE and
Published: 2025-07-16T14:43:00+05:30

References

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html

https://issues.chromium.org/issues/420636529

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5419