CVE-2025-0982

CRITICAL

Google Cloud App Integ - Sandbox Escape

Title source: llm

Description

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

References (1)

[Release Notes] https://cloud.google.com/application-integration/docs/release-notes#January_23_2025

Scores

CVSS v3 10.0

EPSS 0.0007

EPSS Percentile 21.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-829

Status published

Products (1)

google/application_integration < 2025-01-23

Published Feb 06, 2025

Tracked Since Feb 18, 2026