CVE-2025-6044 — MEDIUM (6.1)

Vulnerability Description

An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Chrome Os	16238.64.0

Related Weaknesses (CWE)

CWE-287

References

https://issues.chromium.org/issues/b/421184743Broken Link
https://issuetracker.google.com/issues/421184743Permissions Required

FAQ

What is CVE-2025-6044?

CVE-2025-6044 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and acce...

How severe is CVE-2025-6044?

CVE-2025-6044 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-6044?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome Os.