CVE-2025-0982

EPSS 0.05%
Veröffentlicht 06.02.2025 12:15:27
Zuletzt bearbeitet 30.07.2025 18:14:06
Quelle cve-coordination@google.com
Teams Watchlist Login
Unerledigt Login

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Application Integration Version <= 2025-01-23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cve-coordination@google.com	9.4	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

https://cloud.google.com/application-integration/docs/release-notes#January_23_2025

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-0982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0982

EUVD