CVE-2025-2903 HIGH

CVE-2025-2903: Privilege Chaining in Delphix

Vendor: Perforce
Product: Delphix
Weakness: CWE-268
Published: April 17, 2025
Last update: April 17, 2025

CVSS base score

8.5/10
Attack vector: Physical
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

An attacker who knows how to create user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature can log in via SSH and gain command-line control of the operating system. This allows the attacker to access sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.

Key dates

02 Disclosure timeline

April 17, 2025: CVE published
April 17, 2025: Record updated