CVE-2025-0982

Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine)

CVSS 9.4 CRITICALEPSS 0.2%CWE-829

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Produtos afetados

Google Cloud · Application Integration

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cloud.google.com/application-integration/docs/release-notes#January_23_2025