OS Login Vulnerability in Google Cloud Platform Products
CVE-2025-2903

8.5HIGH

Key Information:

Vendor: Perforce
Status: Delphix
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-2903?

An improper access control vulnerability allows an attacker with knowledge of user account creation during VM deployment on Google Cloud Platform to gain unauthorized SSH access via the OS Login feature. This exploitation enables attackers to execute commands, potentially accessing sensitive data, installing malicious applications, and disrupting the virtual machine's operations. Admins should review security configurations to safeguard against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Delphix 14.0.0.0 <= 2025.2.0.0

References

https://portal.perforce.com/s/detail/a91PA000001Sed3YAC

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Mar 28, 2025

JSON

Perforce

What is CVE-2025-2903?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.