How severe is CVE-2025-0982?

CVE-2025-0982 has a CVSS v3 score of 10 (CRITICAL).

CVE-2025-0982

Name: application_integration
Author: google

10.0CRITICAL

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Ef

发布于: 2/6/2025更新于: 7/30/2025

描述

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

AI分析AI驱动

受影响产品

googleapplication_integration

参考资料

https://cloud.google.com/application-integration/docs/release-notes#January_23_2025
Release Notes