PT-2025-5810 · Google · Google Cloud Application Integration
Tomas Lažauninkas
·
Published
2025-02-06
·
Updated
2025-07-30
·
CVE-2025-0982
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Google Cloud Application Integration (affected versions not specified)
Description:
A sandbox escape issue in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine.
Recommendations:
No further fix actions are needed, as Application Integration will no longer support Rhino as the JavaScript execution engine starting January 24, 2025.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Cloud Application Integration