Deserialization in Google Cloud Data Fusion

CVE-2025-9571

A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the att…

Vulnerability class: Insecure Deserialization

EPSS: 0.004 (31.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References