VYPR
Unrated severityNVD Advisory· Published Jun 16, 2025· Updated Feb 26, 2026

ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked

CVE-2025-6177

Description

Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).

Affected products

2
  • Google/Chromellm-fuzzy2 versions
    = 16063.45.2 (and potentially others)+ 1 more
    • (no CPE)range: = 16063.45.2 (and potentially others)
    • (no CPE)range: 16063.45.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.