CVE-2025-0982

EPSS 0.05%
Published 06.02.2025 12:15:27
Last modified 30.07.2025 18:14:06
Source cve-coordination@google.com
Teams watchlist Login
Open Login

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Application Integration Version <= 2025-01-23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cve-coordination@google.com	9.4	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

https://cloud.google.com/application-integration/docs/release-notes#January_23_2025

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-0982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0982

EUVD