CVE-2025-0982

critical

Description

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

References

https://cloud.google.com/application-integration/docs/release-notes#January_23_2025

Details

Source: Mitre, NVD

Published: 2025-02-06

Updated: 2025-02-06

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.4

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N