CVE-2025-1568

Description

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

PUBLISHED Reserved 2025-02-21 | Published 2025-04-16 | Updated 2025-05-20 | Assigner ChromeOS

Problem types

Code execution

Product status

References

issuetracker.google.com/issues/374279912

issues.chromium.org/issues/b/374279912

cve.org (CVE-2025-1568)

nvd.nist.gov (CVE-2025-1568)

Download JSON