CVE-2025-0982 — CRITICAL (10.0)

Q: How severe is CVE-2025-0982?

CVE-2025-0982 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-0982?

Check the references section above for vendor advisories and patch information. Affected products include: Google Application Integration.

Vulnerability Description

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Application Integration	<= 2025-01-23

Related Weaknesses (CWE)

CWE-829

References

https://cloud.google.com/application-integration/docs/release-notes#January_23_2Release Notes

FAQ

What is CVE-2025-0982?

CVE-2025-0982 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Ef...

How severe is CVE-2025-0982?

CVE-2025-0982 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-0982?

Check the references section above for vendor advisories and patch information. Affected products include: Google Application Integration.