CVE-2025-9571

Published: Dec 10, 2025

Modified: Dec 10, 2025

PUBLISHED

Description

A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance, potentially leading to unauthorized access to sensitive data, modification of data pipelines, and exploration of the underlying infrastructure. The following CDAP versions include the necessary update to protect against this vulnerability: * 6.10.6+ * 6.11.1+ Users must immediately upgrade to them, or greater ones, available at: https://github.com/cdapio/cdap-build/releases .

Vendor	Product	Versions
Google Cloud	Cloud Data Fusion	affected `0 - < 6.10.6` affected `0 - < 6.11.1`

Weaknesses (CWE)

CWE-502

References

https://docs.cloud.google.com/support/bulletins#gcp-2025-076

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-9571

Description

Affected Products

Weaknesses (CWE)

References