{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1566", "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "state": "PUBLISHED", "assignerShortName": "ChromeOS", "dateReserved": "2025-02-21T21:30:53.937Z", "datePublished": "2025-04-16T23:06:27.847Z", "dateUpdated": "2025-04-17T15:50:50.567Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "ChromeOS", "versions": [{"version": "129.0.6668.36", "status": "affected", "lessThan": "129.0.6668.36", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129.0.6668.36 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Network Security Isolation (NSI)"}]}], "providerMetadata": {"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS", "dateUpdated": "2025-04-17T00:25:47.669Z"}, "references": [{"url": "https://issuetracker.google.com/issues/342802975"}, {"url": "https://issues.chromium.org/issues/b/342802975"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1319", "lang": "en", "description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T13:32:48.693962Z", "id": "CVE-2025-1566", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T15:50:50.567Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-1566", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T13:32:48.693962Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1319", "description": "CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T15:14:28.569Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "ChromeOS", "versions": [{"status": "affected", "version": "129.0.6668.36", "lessThan": "129.0.6668.36", "versionType": "custom"}]}], "references": [{"url": "https://issuetracker.google.com/issues/342802975"}, {"url": "https://issues.chromium.org/issues/b/342802975"}], "descriptions": [{"lang": "en", "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129.0.6668.36 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Network Security Isolation (NSI)"}]}], "providerMetadata": {"orgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "shortName": "ChromeOS", "dateUpdated": "2025-04-17T00:25:47.669Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1566", "state": "PUBLISHED", "dateUpdated": "2025-04-17T15:50:50.567Z", "dateReserved": "2025-02-21T21:30:53.937Z", "assignerOrgId": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "datePublished": "2025-04-16T23:06:27.847Z", "assignerShortName": "ChromeOS"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 129.0.6668.36 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions."}], "id": "CVE-2025-1566", "lastModified": "2025-04-17T20:21:48.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-16T23:15:44.767", "references": [{"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "url": "https://issues.chromium.org/issues/b/342802975"}, {"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "url": "https://issuetracker.google.com/issues/342802975"}], "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1319"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}