VDB

GCVE-110-CLOUD-2025-0036

GCVE-110-CLOUD-2025-0036
Advisory Published
Vulnetix · Advisory published April 22, 2025
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.

Affected Products

VendorProductVersionsPlatforms
GCPCloud Build

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›