Remote Code Execution Vulnerability in Google Cloud Data Fusion
CVE-2025-9571

8.7HIGH

Key Information:

Vendor: Google Cloud
Status: Cloud Data Fusion
Vendor: CVE Published:; 10 December 2025

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2025-9571?

A vulnerability in Google Cloud Data Fusion allows a user with artifact upload permissions to execute arbitrary code within the core AppFabric component. This can lead to unauthorized control of the Data Fusion instance, exposing sensitive data and compromising data integrity through alterations in data pipelines. Immediate upgrades to versions 6.10.6 or 6.11.1, or later, are essential for users to protect their instances and safeguard their data infrastructure.

Affected Version(s)

Cloud Data Fusion 0 < 6.10.6

Cloud Data Fusion 0 < 6.11.1

References

https://docs.cloud.google.com/support/bulletins#gcp-2025-076

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Aug 28, 2025

Credit

Tomas Lažauninkas

JSON