Google Cloud App Integration JS Task Rhino Sandbox Escape
CVE-2025-0982 Published on February 6, 2025
Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine)
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.
Weakness Type
Inclusion of Functionality from Untrusted Control Sphere
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Products Associated with CVE-2025-0982
Want to know whenever a new CVE is published for Google Application Integration? stack.watch will email you.
Affected Versions
Google Cloud Application Integration Version 0 is affected by CVE-2025-0982Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.