CVE-2025-6177

Published Jun 16, 2025

Last updated 15 days ago

CVSS high 7.4

Overview

Description: Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
Source: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.4
Impact score: 5.9
Exploitability score: 1.4
Vector string: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-269

Hype score: Not currently trending

CVE-2025-6177 Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploi… https://t.co/NkGEkwQHzz
@CVEnew
16 Jun 2025
422 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:chrome_os:16063.45.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C2F47F3-3470-471B-81A4-84FDE3F7256D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References