JavaScript Task Sandbox Escape in Google Cloud Application Integration
CVE-2025-0982

9.4CRITICAL

Key Information:

Vendor: Google Cloud
Status: Application Integration
Vendor: CVE Published:; 6 February 2025

Summary

A sandbox escape vulnerability has been identified in the JavaScript Task feature of Google Cloud Application Integration. This flaw allows malicious actors to execute arbitrary unsandboxed code through crafted JavaScript, utilizing the Rhino engine. As of January 24, 2025, Google Cloud Application Integration will cease support for the Rhino engine, mitigating this issue. No further action is required for users in this respect.

Affected Version(s)

Application Integration 0

References

https://cloud.google.com/application-integration/docs/rel...

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Feb 3, 2025