What is the CVSS score of CVE-2025-1121?

CVE-2025-1121 has a CVSS 3.1 base score of 6.8 (Medium). CVSS vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Chrome are affected by CVE-2025-1121?

Organizations using Installer and Recovery image handling in Google ChromeOS should be aware of notable risk from CVE-2025-1121, a improper privilege management vulnerability rated CVSS 6.8.

How to fix or mitigate CVE-2025-1121?

Within 30 days: Identify affected systems running Installer and Recovery image handling in Google ChromeOS and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Chrome CVE-2025-1121

MEDIUM

Improper Privilege Management (CWE-269)

2025-03-07 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Privilege Escalation Chrome Google Chrome Os

6.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:30 vuln.today

CVE Published

Mar 07, 2025 - 00:15 nvd

MEDIUM 6.8

DescriptionNVD

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.

AnalysisAI

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image. Affected products include: Google Chrome Os. Version information: version 15786.48.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-8842 MEDIUM This Month

6.4 May 27

Stored Cross-Site Scripting in the Google+ Link Name WordPress plugin (versions up to and including 1.0) allows authenti

CVE-2025-68712 MEDIUM This Month

5.5 May 27

Authentication bypass in SpSoft AppLock 7.9.40 for Android allows a local attacker with physical device access to circum

CVE-2026-7552 MEDIUM This Month

5.3 May 28

Authorization bypass in the Geo Mashup WordPress plugin (all versions ≤ 1.13.19) exposes sensitive plugin configuration

CVE-2025-68709 MEDIUM This Month

5.2 May 26

Arbitrary JavaScript execution in SailingLab AppLock 4.3.8 for Android is triggered by a malicious co-installed app send

CVE-2025-1121 vulnerability details – vuln.today

Back

Chrome CVE-2025-1121

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code