How severe is CVE-2025-0982?

CVE-2025-0982 has a CVSS v3 score of 10 (CRITICAL).

CVE-2025-0982

Name: application_integration
Author: google

10.0CRITICAL

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Ef

公開日: 2/6/2025更新日: 7/30/2025

説明

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

AI分析AIによる分析

影響を受ける製品

googleapplication_integration

参照

https://cloud.google.com/application-integration/docs/release-notes#January_23_2025
Release Notes