CVE-2025-9118

NONE

—CVSS v3

—CVSS v2

0.40% EPSS (exploit probability)

CWE-22CWE

Description

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE