PT-2025-28251 · Google · Chrome Os

Published: 2025-07-07 · Updated: 2025-10-03 · CVE-2025-6044

CVSS v2.0: 6.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Google ChromeOS version 16238.64.0
Description: An Improper Access Control issue in the Stylus Tools component of Google ChromeOS on Lenovo devices allows a physical attacker to bypass the lock screen and access user files. This can be achieved by removing the stylus while the device is closed and using the screen capture feature.
Recommendations: For Google ChromeOS version 16238.64.0, consider disabling the screen capture feature or restricting access to the Stylus Tools component as a temporary workaround until a patch is available.

Fix

Improper Access Control

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-09937
CVE-2025-6044

Affected Products

Chrome Os