Security Advisory

CVE-2025-9118

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-25 07:05:31

Last updated 2025-08-25 13:48:40

Assigner GoogleCloud

State PUBLISHED

Description

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers repositories via a maliciously crafted package.json file.

← Browse all CVEs View on cve.org ↗