Deserialization in Google Cloud Data Fusion
CVE-2025-9571
A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the att…
Vulnerability class: Insecure Deserialization
EPSS: 0.004 (31.3th percentile) — read the EPSS interpretation.
Affected products
- Google Cloud Data Fusion — versions 0