Critical severityNVD Advisory· Published Aug 25, 2025· Updated Apr 15, 2026
CVE-2025-9118
CVE-2025-9118
Description
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.