CVE-2025-1566

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 16, 2025

Updated: May 6, 2025

CWE ID 1319

Summary

CVE-2025-1566 is a newly identified vulnerability affecting Google ChromeOS Dev Channel on version 16002.23.0. This issue involves a DNS leak in the Native System VPN feature, where DNS queries are not properly tunneled during VPN state transitions. As a result, network observers can intercept and view the plaintext DNS queries, posing a significant risk to user privacy and security. The vulnerability is particularly concerning as DNS queries often contain sensitive information, such as IP addresses and domain names, which can be used to track online activity or carry out further attacks. Users are advised to update their systems as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Google Chrome OS

Affected Vendors

Google

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners