CVE-2025-6177

HIGH 7.4

ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked

CVSS Score

7.4

EPSS Score

0.0%

EPSS Percentile

0th

Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).

Vendor	google
Product	chromeos
Ecosystems	Android Cloud Chrome
Industries	Technology
Published	Jun 16, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for google chromeos

Be the first to know when new high vulnerabilities affecting google chromeos are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Google / ChromeOS

16063.45.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

issuetracker.google.com: https://issuetracker.google.com/issues/382540412 issues.chromium.org: https://issues.chromium.org/issues/b/382540412