CVE-2025-6558 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2025-6558?

CVE-2025-6558 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-6558?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Debian Debian Linux, Apple Safari, Apple Ipados, Apple Iphone Os.

Vulnerability Description

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Chrome	< 138.0.7204.157
Debian	Debian Linux	11.0
Apple	Safari	< 18.6
Apple	Ipados	< 18.6
Apple	Iphone Os	< 18.6
Apple	Macos	< 15.6
Apple	Visionos	< 2.6
Apple	Watchos	< 11.6
Wpewebkit	Wpe Webkit	< 2.48.0
Webkitgtk	Webkitgtk	< 2.48.0

Related Weaknesses (CWE)

CWE-20

References

https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_Release Notes
https://issues.chromium.org/issues/427162086Issue TrackingPermissions Required
http://seclists.org/fulldisclosure/2025/Aug/0Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jul/30Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jul/32Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jul/35Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jul/37Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/08/02/1Mailing List
https://lists.debian.org/debian-lts-announce/2025/08/msg00015.htmlMailing ListThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource

FAQ

What is CVE-2025-6558?

CVE-2025-6558 is a vulnerability with a CVSS score of 8.8 (HIGH). Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromiu...

How severe is CVE-2025-6558?

CVE-2025-6558 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-6558?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Debian Debian Linux, Apple Safari, Apple Ipados, Apple Iphone Os.