CVE-2025-8292 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Chrome	CNA	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Debian Releases

Debian Product

Codename

chromium

bullseye (security)	vulnerable
bullseye	vulnerable
bookworm	vulnerable
bookworm (security)	138.0.7204.183-1~deb12u1 fixed
trixie	vulnerable
sid	vulnerable

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Google Chrome: Schwachstelle ermöglicht nicht spezifizierten Angriff
Ein entfernter, anonymer Angreifer kann diese Schwachstelle in Google Chrome ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen, möglicherweise Speicher zu entführen und beliebigen Code auszuführen.
Published: 2025-07-29T22:00:00+00:00

References

https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html

https://issues.chromium.org/issues/426054987