← Volver a CVEs
CVE-2025-0982
CRITICAL10.0
Descripcion
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
Detalles CVE
Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/6/2025
Ultima modificacion7/30/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
google:application_integration
Debilidades (CWE)
CWE-829CWE-829
Referencias
https://cloud.google.com/application-integration/docs/release-notes#January_23_2025(cve-coordination@google.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.