- Description
- Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
- Source
- cve-coordination@google.com
- NVD status
- Received
- CNA Tags
- exclusively-hosted-service
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- cve-coordination@google.com
- CWE-829
- Hype score
- Not currently trending
🚨 Critical Alert: CVE-2025-0982 in Google Cloud Application Integration 🚨 . A sandbox escape vulnerability allows arbitrary code execution via Rhino engine. Risk: malicious code, cloud breaches. . #ahmedmansourcsofficial #CVE20250982 https://t.co/BdYGP9y6Bl
@CsAhmedmansour
7 Feb 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0982 Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code … https://t.co/uKnOw9k4L3
@CVEnew
6 Feb 2025
397 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes