CVE-2025-6177
CVE-2025-6177 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP). EPSS estimates a 0.08% chance of exploitation in the next 30 days.
Description
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
Metrics
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Google | ChromeOS | 16063.45.2 |
References
- https://issuetracker.google.com/issues/382540412 (Issue Tracking, Mailing List)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
