VDB

GCVE-110-CLOUD-2025-0029

GCVE-110-CLOUD-2025-0029
Advisory Published
Vulnetix · Advisory published August 21, 2025
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customer's code repositories and data. By preparing a maliciously crafted package.json file, an attacker could exploit a path traversal vulnerability in the npm package installation process, thereby gaining read and write access in other customers' repositories. According to Google, there was no evidence of exploitation in the wild.

Affected Products

VendorProductVersionsPlatforms
CloudflareAccess

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›