CVE-2025-9571 is a remote code execution vulnerability classified under CWE-502 (Deserialization of Untrusted Data) affecting Google Cloud Data Fusion, a managed data integration service. The flaw exists within the core AppFabric component, which processes uploaded artifacts. A user with permissions to upload artifacts can craft malicious serialized data that, when deserialized by the system, triggers arbitrary code execution. This vulnerability does not require user interaction or elevated privileges beyond artifact upload rights, making it relatively easy to exploit in environments where such permissions are granted. Successful exploitation can lead to full compromise of the Data Fusion instance, allowing attackers to access sensitive data, alter or disrupt data pipelines, and potentially pivot to underlying infrastructure. The vulnerability affects versions before CDAP 6.10.6 and 6.11.1, with patches released on GitHub. The CVSS 4.0 score of 8.7 reflects high impact on confidentiality, integrity, and availability, combined with network attack vector and low attack complexity. No known exploits have been reported in the wild yet, but the threat is significant given the critical role of Data Fusion in cloud data workflows.

For European organizations, this vulnerability poses a significant risk to data confidentiality, integrity, and availability within cloud data integration environments. Compromise of Data Fusion instances could lead to unauthorized exposure of sensitive or regulated data, violating GDPR and other data protection laws. Manipulation of data pipelines could disrupt business operations, corrupt analytics, or cause erroneous decision-making. Additionally, attackers gaining foothold in Data Fusion could explore and potentially escalate privileges within the broader cloud infrastructure, increasing the attack surface. Organizations in sectors such as finance, healthcare, and critical infrastructure that rely on Google Cloud Data Fusion for data processing are particularly at risk. The impact extends beyond data loss to reputational damage, regulatory penalties, and operational downtime.

European organizations should immediately upgrade all Google Cloud Data Fusion instances to CDAP versions 6.10.6 or 6.11.1 or later to remediate this vulnerability. Review and restrict artifact upload permissions to the minimum necessary users, implementing strict access controls and monitoring. Employ network segmentation and zero-trust principles to limit exposure of Data Fusion instances. Enable detailed logging and anomaly detection to identify suspicious artifact uploads or unusual activity within Data Fusion. Conduct regular audits of user permissions and artifact repositories. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions that can detect and block exploitation attempts. Finally, maintain an incident response plan tailored to cloud service compromises to rapidly contain and remediate any breaches.