CVE-2025-1568: Gerrit Access Control Vulnerability Allows Malicious Code Injection in ChromeOS

Description

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0.6778.268 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

Classification

CVE ID: CVE-2025-1568

Problem Types

Code execution

Affected Products

Vendor: Google

Product: ChromeOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 32.34% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1568
https://issuetracker.google.com/issues/374279912
https://issues.chromium.org/issues/b/374279912

Timeline

2025-04-17 00:40:22 UTC
CVE

Gerrit Access Control Vulnerability Allows Malicious Code Injection in ChromeOS