OS Login Vulnerability in Google Cloud Platform Products
CVE-2025-2903

8.5HIGH

Key Information:

Vendor: Perforce
Status: Delphix
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-2903?

An improper access control vulnerability allows an attacker with knowledge of user account creation during VM deployment on Google Cloud Platform to gain unauthorized SSH access via the OS Login feature. This exploitation enables attackers to execute commands, potentially accessing sensitive data, installing malicious applications, and disrupting the virtual machine's operations. Admins should review security configurations to safeguard against unauthorized access.

Affected Version(s)

Delphix 14.0.0.0 <= 2025.2.0.0

References

https://portal.perforce.com/s/detail/a91PA000001Sed3YAC

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Mar 28, 2025

JSON

Perforce

What is CVE-2025-2903?

Affected Version(s)

References

CVSS V4

Timeline