Cloud SQL privilege escalation

Published Wed, May 24th, 2023


A vulnerability discovered in GCP's Cloud SQL service could be abused to result in complete control of the database engine and access to the host OS. An attacker could have listed and accessed files in the host OS, including any secrets on the machine, as well as gaining access to service agents. However, it is unclear from the report if this level of access could have allowed lateral movement within the Cloud SQL service or grant cross-tenant access to other customers' data. The root cause of this vulnerability is also unclear, though it allowed a series of privilege escalations, initially granting the default sqlserver user access to a GCP admin role, and then the sysadmin role, effectively granting a potential threat actor full access to the SQL server.

Affected Services

Cloud SQL


None required

Tracked CVEs

No tracked CVEs


Disclosure Date
Mon, Feb 13th, 2023
Exploitablity Period
Known ITW Exploitation
Detection Methods
Piercing Index Rating
Discovered by