CVE-2025-6558

HIGH KEV

Google Chrome <138.0.7204.157 - RCE

Title source: llm

Exploitation Summary

CVE-2025-6558 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 22, 2025. EIP tracks 2 public exploits from researchers including DevBuiHieu and gmh5225.

Description

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Exploits (2)

nomisec STUB 7 stars
by DevBuiHieu · client-side
https://github.com/DevBuiHieu/CVE-2025-6558-Proof-Of-Concept

The repository contains only a README.md with a title and no substantive content or exploit code. No technical details or proof-of-concept are provided.

Classification: Stub 10%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 1 star
by gmh5225 · poc
https://github.com/gmh5225/CVE-2025-6558-exp

This repository contains a writeup for CVE-2025-6558, a critical sandbox escape vulnerability in Google Chrome's ANGLE/GPU components. The vulnerability allows remote code execution via malicious WebGL/HTML content, but no actual exploit code is provided.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Google Chrome < 138.0.7204.157
No auth needed
Prerequisites: User visits a malicious webpage with crafted WebGL/HTML content
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0028
EPSS Percentile 51.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-07-22
VulnCheck KEV 2025-07-15
ENISA EUVD EUVD-2025-21546
CWE CWE-20
Status published
Products (10)
apple/ipados < 18.6
apple/iphone_os < 18.6
apple/macos < 15.6
apple/safari < 18.6
apple/visionos < 2.6
apple/watchos < 11.6
debian/debian_linux 11.0
google/chrome < 138.0.7204.157
webkitgtk/webkitgtk < 2.48.0
wpewebkit/wpe_webkit < 2.48.0
Published Jul 15, 2025
KEV Added Jul 22, 2025
Tracked Since Feb 18, 2026