- Description: Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service by editing trusted pipelines, due to insufficient access controls and misconfigurations in Gerrit's project.config.
- Source: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-284
- Hype score: Not currently trending
A Gerrit misconfiguration in Google projects, dubbed GerriScary, could have enabled malicious code injection via permission issues and race conditions, posing a supply chain risk. CVE-2025-1568. 🚨 #GerritAlert #TechSecurity #USA https://t.co/ginFnKsW2J
@TweetThreatNews
18 Jun 2025
👻This is GerriScary: a vulnerability I discovered in Google's Gerrit that allowed to hack several projects and affected 18 Google projects including ChromiumOS (CVE-2025-1568), Chromium, Bazel, and Dart. Dive into the full details here: https://t.co/QDDEmy0pwG https://t.co/h6
@terminatorLM
17 Jun 2025
CVE-2025-1568 Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject … https://t.co/fJC62HYJY9
@CVEnew
17 Apr 2025