Security bulletins

This page describes all security bulletins related to Cloud Data Fusion.

GCP-2025-076

Published: 2025-12-08

Description

A remote code execution vulnerability, CVE-2025-9571, was discovered in Cloud Data Fusion. Users with permissions to upload artifacts to a Cloud Data Fusion instance could exploit this vulnerability to execute arbitrary code within the core AppFabric component. This could allow an attacker to gain control over the Cloud Data Fusion instance, potentially leading to unauthorized access to sensitive data, modification of data pipelines, and exploration of the underlying infrastructure.

What should I do?

Upgrade your Cloud Data Fusion instance to the General Availability (GA) version 6.11.1.

You can download the necessary update from the CDAP build repository.

Severity: High

Notes: CVE-2025-9571