Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-s6mj-z2g2-4qe5
Vulnerability ID VCID-s6mj-z2g2-4qe5
Aliases CVE-2025-6558
Summary
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-76 Improper Neutralization of Equivalent Special Elements
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6558.json
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2025-6558
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2025-6558
cvssv3.1 8.8 https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
ssvc Attend https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
cvssv3.1 5.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://issues.chromium.org/issues/427162086
ssvc Attend https://issues.chromium.org/issues/427162086
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6558.json
https://api.first.org/data/v1/epss?cve=CVE-2025-6558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6558
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2380254 https://bugzilla.redhat.com/show_bug.cgi?id=2380254
427162086 https://issues.chromium.org/issues/427162086
RHSA-2025:13780 https://access.redhat.com/errata/RHSA-2025:13780
RHSA-2025:13782 https://access.redhat.com/errata/RHSA-2025:13782
RHSA-2025:14421 https://access.redhat.com/errata/RHSA-2025:14421
RHSA-2025:14422 https://access.redhat.com/errata/RHSA-2025:14422
RHSA-2025:14423 https://access.redhat.com/errata/RHSA-2025:14423
RHSA-2025:14432 https://access.redhat.com/errata/RHSA-2025:14432
RHSA-2025:14433 https://access.redhat.com/errata/RHSA-2025:14433
RHSA-2025:14434 https://access.redhat.com/errata/RHSA-2025:14434
RHSA-2025:14486 https://access.redhat.com/errata/RHSA-2025:14486
RHSA-2025:15729 https://access.redhat.com/errata/RHSA-2025:15729
stable-channel-update-for-desktop_15.html https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
USN-7702-1 https://usn.ubuntu.com/7702-1/
Data source KEV
Date added July 22, 2025
Description Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date Aug. 12, 2025
Note 
https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-6558
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6558.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-22T03:55:29Z/ Found at https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://issues.chromium.org/issues/427162086
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-22T03:55:29Z/ Found at https://issues.chromium.org/issues/427162086
Exploit Prediction Scoring System (EPSS)
Percentile 0.51643
EPSS Score 0.00278
Published At June 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:13:30.990319+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0