Vulnerability details: VCID-w3hq-5t3a-y7hp
Vulnerability ID VCID-w3hq-5t3a-y7hp
Aliases CVE-2025-6554
Summary Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6554.json
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2025-6554
epss 0.00196 https://api.first.org/data/v1/epss?cve=CVE-2025-6554
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2025-6554
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2025-6554
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2025-6554
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2025-6554
cvssv3.1 8.1 https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
ssvc Attend https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
cvssv3.1 8.1 https://issues.chromium.org/issues/427663123
ssvc Attend https://issues.chromium.org/issues/427663123
Data source KEV
Date added July 2, 2025
Description Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date July 23, 2025
Note https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html?m=1 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6554
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6554.json
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-02T17:40:58Z/ Found at https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://issues.chromium.org/issues/427663123
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-07-02T17:40:58Z/ Found at https://issues.chromium.org/issues/427663123
Exploit Prediction Scoring System (EPSS)
Percentile 0.32144
EPSS Score 0.00122
Published At Sept. 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:25:29.405543+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/6xxx/CVE-2025-6554.json 37.0.0