CVE-2025-1566

Published Apr 16, 2025

Last updated a month ago

CVSS high 7.5

Overview

Description
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129.0.6668.36 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
Source
7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-1319

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.