Google Cloud and Microsoft Azure Vulnerabilities Patched

April 22, 2025
|In Cybersecurity News
|By Diego MacCastrillon

Google Cloud and Microsoft Azure Flaw Could Have Led to Major Privilege Escalation

Security experts recently uncovered a serious vulnerability in Google Cloud Platform’s (GCP) Cloud Composer service, which could have allowed hackers to gain higher-level access than intended. The issue, now fixed, affected the workflow management tool based on Apache Airflow.

You might be interested in: Google Blocked 5 Billion Bad Ads & Banned 39 Million Accounts

According to researchers at Tenable, attackers with basic editing rights in Cloud Composer could have exploited this weakness to take control of a powerful system account linked to multiple GCP services, including Cloud Storage and Artifact Registry.

This flaw, nicknamed ConfusedComposer, works similarly to an earlier GCP issue called ConfusedFunction, where hackers could misuse permissions to access sensitive data.

How the Google Cloud and Microsoft Azure Attack Worked

  • Attackers needed only the ability to modify a Cloud Composer environment.

  • They could then upload a harmful Python package (PyPI) designed to run malicious code.

  • This code would execute in Cloud Build, giving them broader access across GCP.

Google fixed the problem by no longer using the default Cloud Build account for installing packages. Instead, Cloud Composer now relies on the environment’s own service account, reducing the risk of misuse.

Google Cloud and Microsoft Azure Also Patched a Dangerous SQL Server Bug

In a separate case, researchers found a flaw in Microsoft Azure that could let attackers with SQL Server access manipulate firewall rules in a way that causes data loss.

Key Risks of the Azure Vulnerability

  • Hackers could inject hidden commands into firewall rule names.

  • When an admin took certain actions, these commands could delete important Azure resources.

  • Microsoft fixed the issue after being alerted in August 2024.

Another Microsoft Entra ID Bug Discovered

Security analysts also reported a problem in Microsoft’s identity management system, Entra ID. Attackers could have exploited it to lock certain user accounts, making them impossible to delete or modify—even by top-level admins.

Microsoft resolved this flaw in February 2025.

Hackers Targeting AWS EC2 Instances

Meanwhile, cybercriminals are actively exploiting Server-Side Request Forgery (SSRF) flaws to steal sensitive data from AWS cloud servers. These attacks focus on extracting metadata, including private keys and access credentials.

How to Stay Protected

  • Keep cloud services updated with the latest patches.

  • Limit user permissions to only what’s necessary.

  • Monitor for unusual activity in cloud environments.

Both Google and Microsoft have addressed these security gaps, but the findings highlight the importance of constant vigilance in cloud security.

Breaches