CVE-2025-2903

Google Cloud Platform - Privilege Escalation

Title source: llm

Description

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

References (1)

[Various Sources] https://portal.perforce.com/s/detail/a91PA000001Sed3YAC

Scores

EPSS 0.0011

EPSS Percentile 28.9%

Classification

CWE

CWE-267 CWE-268

Status draft

Timeline

Published Apr 17, 2025

Tracked Since Feb 18, 2026