PT-2025-16942 · Google · Google Cloud Platform
Published
2025-03-21
·
Updated
2025-04-19
·
CVE-2025-2903
CVSS v4.0
8.5
High
| Vector | AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Google Cloud Platform (affected versions not specified)
Description
The issue allows an attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature to login via SSH, gaining command-line control of the operating system. This enables the attacker to access sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Google Cloud Platform