Google has patched a Cloud Run vulnerability dubbed ImageRunner that could have been exploited to gain access to sensitive data.
April 2, 2025 By Eduard Kovacs
Google Cloud recently patched a privilege escalation vulnerability that could have allowed threat actors to gain access to sensitive information.
The vulnerability, discovered by researchers at Tenable, has been named ImageRunner because it impacts Cloud Run, a fully managed serverless platform that allows developers to deploy and run containerized applications directly on Google’s infrastructure.
Google Cloud told SecurityWeek that it notified Cloud Run customers about the vulnerability in November 2024, and fully deployed a security enhancement to address the issue on January 28, 2025.
According to Tenable, the ImageRunner vulnerability could have been exploited by an attacker who had certain permissions on the targeted user’s project to modify a Cloud Run service, which could enable them to access sensitive or proprietary images.
