cvedb.io
CVE-2025-2903
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2025-04-17T07:15:42.520 · Last modified 2026-06-17T09:07:49.320

Summary

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.