Remote Code Execution Vulnerability in Google Cloud Data Fusion
CVE-2025-9571
8.7HIGH
What is CVE-2025-9571?
A vulnerability in Google Cloud Data Fusion allows a user with artifact upload permissions to execute arbitrary code within the core AppFabric component. This can lead to unauthorized control of the Data Fusion instance, exposing sensitive data and compromising data integrity through alterations in data pipelines. Immediate upgrades to versions 6.10.6 or 6.11.1, or later, are essential for users to protect their instances and safeguard their data infrastructure.
Affected Version(s)
Cloud Data Fusion 0 < 6.10.6
Cloud Data Fusion 0 < 6.11.1
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tomas LaĹľauninkas