← Voltar para CVEs
CVE-2025-0982
CRITICAL10.0
Descricao
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
Detalhes CVE
Pontuacao CVSS v3.110.0
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/6/2025
Ultima modificacao7/30/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
google:application_integration
Fraquezas (CWE)
CWE-829CWE-829
Referencias
https://cloud.google.com/application-integration/docs/release-notes#January_23_2025(cve-coordination@google.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.