VYPR
Critical severityNVD Advisory· Published Aug 25, 2025· Updated Apr 15, 2026

CVE-2025-9118

CVE-2025-9118

Description

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2025-9118 · Critical · VYPR