How severe is CVE-2025-0982?

CVE-2025-0982 has a CVSS v3 score of 10 (CRITICAL).

CVE-2025-0982

Name: application_integration
Author: google

10.0CRITICAL

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Ef

Published: 2/6/2025Updated: 7/30/2025

Description

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

AI AnalysisPowered by AI

Affected Products

googleapplication_integration

References

https://cloud.google.com/application-integration/docs/release-notes#January_23_2025
Release Notes