Security bulletins

This page describes all security bulletins related to Dataform.

GCP-2025-045

Published: 2025-08-21

Description

An external researcher reported a vulnerability in the Dataform API through the Google and Alphabet Vulnerability Reward Program (VRP). This vulnerability could potentially allow unauthorized access to customer code repositories and data. Google quickly fixed the issue and released the fix to all regions. At this time, no evidence of exploitation has been found or reported to Google.

What should I do?

No customer action is required. Google has already applied mitigations to all impacted products and services.

What vulnerabilities are being addressed?

For more information, see CVE-2025-9118.

Severity: Critical

Notes: CVE-2025-9118