CVE-2025-2903

HIGH

Google Cloud Platform - Privilege Escalation

Title source: llm

Description

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

References (1)

[Various Sources] https://portal.perforce.com/s/detail/a91PA000001Sed3YAC

Scores

CVSS v4 8.5

EPSS 0.0011

EPSS Percentile 28.5%

CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-267 CWE-268

Status published

Products (1)

Perforce/Delphix 14.0.0.0 - 2025.2.0.0

Published Apr 17, 2025

Tracked Since Feb 18, 2026