CVE-2025-2903

Vulnerability Description

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

Related Weaknesses (CWE)

CWE-267 CWE-268

References

https://portal.perforce.com/s/detail/a91PA000001Sed3YAC

FAQ

What is CVE-2025-2903?

CVE-2025-2903 is a documented vulnerability. An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating sys...

How severe is CVE-2025-2903?

CVSS scoring is not yet available for CVE-2025-2903. Check NVD for updates.

Is there a patch for CVE-2025-2903?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.