The landscape of cloud security is continually evolving, marked by innovations and challenges that both enterprises and cybersecurity professionals face in their operations. Among the recent vulnerabilities, two critical issues have surfaced that emphasize the importance of stringent access controls and the inherent risks associated with multi-service dependencies in cloud architectures. This blog delves into the “ConfusedComposer” vulnerability in Google Cloud Composer and a severe Remote Code Execution (RCE) vulnerability in Erlang/OTP’s SSH, emphasizing their implications and mitigation strategies.

---

The “ConfusedComposer” Vulnerability in Google Cloud Composer

Overview

Cloud Composer, a managed workflow orchestration service based on Apache Airflow, is utilized extensively for automating the orchestration of data workflows in the Google Cloud Platform (GCP). A recently identified vulnerability dubbed “ConfusedComposer” allows attackers with minimal edit permissions to escalate their access privileges to default Cloud Build service accounts, potentially leading to unauthorised access and manipulation of sensitive resources across various GCP services, such as Cloud Storage and Artifact Registry.

Technical Details

The vulnerability hinges on the ability of users to install custom Python packages through the Python Package Index (PyPI), which trigger automatic executions of installation scripts within the Cloud Build environment. This gives attackers a pathway to execute arbitrary code with elevated privileges, provided they gain access to the Cloud Build metadata API. Researchers from Tenable indicated that simply having the composer.environments.update permission grants access to the high-risk capabilities of the Cloud Build service account.

Google’s Remediation: In a timely response, Google mitigated this issue by adjusting the service account usage in Composer environments. As of April 13, 2025, installations will utilize the environment’s service account rather than the default Cloud Build service account, thus reducing the potential attack surface.

Contextual Risk Assessment

This vulnerability falls under the “Jenga” attack framework proposed by Tenable, which posits that as cloud service providers build new services on top of existing ones, an interconnectivity can create unforeseen vulnerabilities. This incident emphasizes the critical need for thorough audits and vulnerability assessments of cloud platforms, especially those involving automated deployment processes.

---

Severe Erlang/OTP SSH Vulnerability (CVE-2025-32433)

Overview

Simultaneously, a significant vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) poses grave risks, especially for Internet of Things (IoT) and telecommunications sectors. Discovered on April 16, 2025, this Remote Code Execution vulnerability allows unauthenticated attackers to gain full access to devices, leading to potential large-scale compromises.

Technical Insights

The vulnerability arises from a flaw in the SSH protocol message handling, allowing attackers to send forged messages before authentication is completed. This alarming defect, given its severe CVSS score of 10, reveals the risk of exploitation in critical network infrastructure.

Key Implications:

• Total Control Over Devices: Once an attacker exploits this vulnerability, they gain unrestricted control, allowing for unauthorized data access and potential denial-of-service (DoS) attacks.
• Chain Reactions: Attackers can traverse through network segments unchecked, leading to a domino effect of breaches across an organization’s digital infrastructure.

Mitigation Recommendations: Security experts, including those from Arctic Wolf, recommend enterprises upgrade to the latest Erlang/OTP versions immediately. For immediate measures, restricting SSH access through firewall rules is advised, as organizations assess their systems.

Recent Learnings and Best Practices

The rapid dissemination of Proof-of-Concept (PoC) exploit codes following the vulnerability’s disclosure underscores an immediate window of risk for enterprises. To fortify against such exploits, organizations are encouraged to:

1. Implement Layered Security: Employ multiple defense mechanisms, including firewalls, IDS/IPS, and strict access controls around vulnerable services.
2. Continuous Monitoring: Maintain a robust security incident and event management (SIEM) system to identify and respond to unusual or unauthorized activities swiftly.
3. Regular Patch Management: Develop a rigorous patch management protocol to ensure timely application of security updates, focusing on critical infrastructure.

---

Conclusion

The “ConfusedComposer” and Erlang/OTP SSH vulnerabilities serve as stark reminders of the complexities and risks inherent in modern cloud infrastructures. As cyber threats evolve, both organizations and cybersecurity professionals must prioritize rigorous access controls, continuous security assessments, and swift responses to vulnerabilities. Enhanced collaboration and knowledge sharing within the community are essential to developing robust defense strategies that adapt to the ever-increasing sophistication of cyber threats. Investing in cloud security not only protects vital resources but also safeguards the integrity of the broader digital ecosystem.

By fostering a culture of transparency and vigilance in security practices, organizations can better protect themselves against the inherent challenges posed by an increasingly connected world.