CVE-2025-1122

MEDIUM

Google ChromeOS 15753.50.0 - Out-of-bounds Write in TPM2 Reference Library via NV_Read

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-1122. PoCs published by FWNavy.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2025-1122, which leverages an out-of-bounds write in the TPM2 to disable Write-Protect on ChromiumOS devices. The exploit involves modifying the shim stateful partition and rootfs to deploy and execute the exploit binary.

Description

Out-of-bounds write in the TPM2 reference library in Google ChromeOS 15753.50.0 stable on Cr50 boards allows an attacker with root access to gain persistence and bypass operating system verification by exploiting the NV_Read functionality during the challenge-response process.

Exploits (1)

Source: nomisec · Working PoC · 2 stars
by FWNavy · poc
https://github.com/FWNavy/RMASmoke

Classification
Working PoC (90%)
Attack type: LPE
Complexity: Complex
Reliability: Reliable
Target: ChromiumOS TPM2
Auth required
Prerequisites: Physical or root access to the target ChromiumOS device · TPM2 access
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3.1 base score: 6.7
EPSS: 0.0021
EPSS percentile: 11.4%
Attack vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical impact: total

Details

CWE: CWE-787
Status: published
Products (1): google/chrome 122.0.6261.132
Published: Apr 15, 2025
Tracked since: Feb 18, 2026