VDB
GCVE-110-CLOUD-2025-0039
GCVE-110-CLOUD-2025-0039
Advisory Published
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without
explicit registry access could deploy new revisions of Cloud Run services that pulled private
container images stored in the same GCP project. This was possible because Cloud Run uses a
service agent with the necessary registry read permissions to retrieve these images, regardless
of the caller’s access level. By updating a service revision and injecting malicious commands
into the container's arguments (e.g., using Netcat for reverse shell access), attackers could
extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent’s
trust model, which did not enforce a separate registry permission check on the deploying identity.
Google has since modified this behavior to require that the identity updating the Cloud Run
resource also has explicit Artifact Registry Reader or Storage Object Viewer roles.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | Artifact Registry | — | — |
| GCP | Cloud Run | — | — |
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.