CVE-2025-1122

Name: CVE-2025-1122
Creator: NVD / NIST
Published: 2025-04-15T20:15:38.317+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.21%

Last modified Jun 17, 2026

CVE-2025-1122 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.21%

11.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Google	Chrome	122.0.6261.132

References

https://issues.chromium.org/issues/b/324336238Broken Link
https://issuetracker.google.com/issues/324336238Exploit, Issue Tracking

Timeline

Published: Apr 15, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-1122?

How severe is CVE-2025-1122?

CVE-2025-1122 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.

How do I fix CVE-2025-1122?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-1122?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST