← Back to CVEs
CVE-2025-6044
MEDIUM6.1
Description
An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.
CVE Details
CVSS v3.1 Score6.1
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack VectorPHYSICAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/7/2025
Last Modified10/3/2025
Sourcenvd
Honeypot Sightings0
Affected Products
google:chrome_os
Weaknesses (CWE)
CWE-287
References
https://issues.chromium.org/issues/b/421184743(7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/421184743(7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.