Vulnerability in Google Cloud Composer Exposes Privilege Escalation Risk
Recent findings by cybersecurity researchers have unveiled a significant vulnerability in the Google Cloud Platform (GCP), specifically within the Cloud Composer service, which orchestrates workflows based on Apache Airflow. This flaw, dubbed “ConfusedComposer,” has since been addressed; before the fix, it could have allowed attackers to abuse user permissions to gain elevated access to critical GCP services.
According to Liv Matan, a senior security researcher at Tenable, the vulnerability enabled users with edit permissions in Cloud Composer to access the default Cloud Build service account. This service account possesses extensive permissions across various GCP services, including Cloud Storage and Artifact Registry. The availability of such high-level access posed serious risks, as it could allow attackers to manipulate sensitive data and disrupt operations within the cloud environment.
Tenable characterizes ConfusedComposer as a variant of the earlier ConfusedFunction vulnerability, which similarly allowed privilege escalation within GCP’s Cloud Functions service. The report emphasizes a concerning trend where security gaps are inherited across integrated cloud services. This revelation follows another incident disclosed weeks prior, involving a privilege escalation vulnerability in GCP’s Cloud Run known as ImageRunner.
The ramifications of the ConfusedComposer vulnerability are particularly alarming. An attacker who had obtained permission to update a Cloud Composer environment could inject a malicious Python Package Index (PyPI) package into that environment; because package installation ran under the default Cloud Build service account, the attacker’s code would then execute inside the associated Cloud Build instance with that account’s privileges. From there, the consequences could include siphoning sensitive data, disrupting service delivery, and implanting persistent backdoors for ongoing access.
Following responsible disclosure, Google addressed the vulnerability as of April 13, 2025. The company eliminated the use of the default Cloud Build service account for package installations, instead using the environment’s own service account, which limits the blast radius of similar threats. Google confirmed that existing Cloud Composer 2 environments would be migrated to this updated behavior, while Cloud Composer 3 implementations remain unaffected.
This disclosure aligns with other significant security challenges emerging in the cloud ecosystem. Notably, Varonis Threat Labs identified a flaw in Microsoft Azure that could enable privileged users to alter server configurations, resulting in potential data loss. Additionally, Datadog Security Labs revealed a critical bug in Microsoft Entra ID administrative units that could obstruct management actions by Global Administrators.
As organizations continue to leverage cloud technologies, it is imperative to acknowledge and address the interconnected nature of these services. The MITRE ATT&CK framework highlights relevant adversary tactics, including privilege escalation, which were likely leveraged during the ConfusedComposer attack. Stakeholders must remain vigilant and proactive in mitigating vulnerabilities to safeguard their cloud infrastructures against evolving threats.