VDB

GCVE-110-CLOUD-2025-0039

GCVE-110-CLOUD-2025-0039
Advisory Published
Vulnetix · Advisory published April 1, 2025
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller’s access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent’s trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior to require that the identity updating the Cloud Run resource also has explicit Artifact Registry Reader or Storage Object Viewer roles.

Affected Products

VendorProductVersionsPlatforms
GCPArtifact Registry
GCPCloud Run

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›