ImageRunner Vulnerability in Google Cloud Run Exposed Private Container Images to Exploitation
Cybersecurity researchers have unveiled details about a now-patched privilege escalation flaw in Google Cloud Platform (GCP) Cloud Run, which could have enabled attackers to access private container images and inject malicious code.

The vulnerability, named ImageRunner by Tenable, stemmed from improper permission handling in Cloud Run. Specifically, certain identities lacked registry permissions but had the ability to edit Cloud Run revisions, potentially allowing a malicious actor to pull private container images and modify them.
Exploiting Cloud Run's Permissions Flaw
Each time a Cloud Run service is updated or deployed, a new revision is created using a service agent account to retrieve container images from Google Artifact Registry or Google Container Registry. However, researchers found that an attacker with specific permissions—namely, run.services.update and iam.serviceAccounts.actAs—could exploit this process by:
- Modifying a Cloud Run service and deploying a new revision
- Pointing the service to any private container image within the same project
- Accessing proprietary or sensitive container images
- Injecting malicious code to steal secrets, extract sensitive data, or establish remote access via a reverse shell
Google has since addressed the issue with a security patch released on January 28, 2025. The fix enforces stricter access controls, requiring users or service accounts that create or update a Cloud Run resource to have explicit permissions to retrieve container images.
In its release notes, Google emphasized that:
“The principal (user or service account) creating or updating a Cloud Run resource must now have the Artifact Registry Reader (roles/artifactregistry.reader) IAM role on the relevant project or repository.”
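A defender-side check that follows from the fix described above, added here as an example; it is not code from the original article, from Tenable, or from Google. It reads a project IAM policy in the JSON shape that gcloud projects get-iam-policy produces and lists principals that hold both run.services.update and iam.serviceAccounts.actAs without Artifact Registry Reader. Before the patch those principals could deploy revisions that pulled images they could not read themselves; after it, their deployments fail until roles/artifactregistry.reader is granted, so the list doubles as a least-privilege review. The policy document is constructed sample data, and the role-to-permission table is a simplified assumption that covers only the roles this check cares about (it does not evaluate conditional bindings or custom roles).

```python
"""Audit a GCP project IAM policy for Cloud Run deployers that lack image-read rights.

Hypothetical helper (not Tenable's or Google's code). SAMPLE_POLICY is a
constructed document in the shape `gcloud projects get-iam-policy --format=json`
returns; ROLE_PERMISSIONS is a simplified, assumed mapping of predefined roles to
the few permissions relevant to this check.
"""
import json

# Assumed subset of the predefined role -> permission mapping. Roles not listed
# here are ignored rather than guessed at.
ROLE_PERMISSIONS = {
    "roles/run.admin": {"run.services.update"},
    "roles/run.developer": {"run.services.update"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs"},
    "roles/artifactregistry.reader": {"artifactregistry.repositories.downloadArtifacts"},
    "roles/artifactregistry.writer": {"artifactregistry.repositories.downloadArtifacts"},
    "roles/viewer": set(),
}

# The two permissions the article names as sufficient to redeploy a revision,
# and the permission Artifact Registry Reader grants for pulling images.
DEPLOY_PERMS = {"run.services.update", "iam.serviceAccounts.actAs"}
IMAGE_PULL_PERM = "artifactregistry.repositories.downloadArtifacts"

# Constructed sample policy: one human developer without reader rights, one CI
# service account that has them, and a read-only auditor.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/run.developer",
         "members": ["user:dev@example.com",
                     "serviceAccount:ci@example.iam.gserviceaccount.com"]},
        {"role": "roles/iam.serviceAccountUser",
         "members": ["user:dev@example.com",
                     "serviceAccount:ci@example.iam.gserviceaccount.com"]},
        {"role": "roles/artifactregistry.reader",
         "members": ["serviceAccount:ci@example.iam.gserviceaccount.com"]},
        {"role": "roles/viewer", "members": ["user:auditor@example.com"]},
    ]
})


def effective_permissions(policy_json):
    """Return {member: set(permissions)} derived from the policy's role bindings."""
    policy = json.loads(policy_json)
    perms = {}
    for binding in policy.get("bindings", []):
        role_perms = ROLE_PERMISSIONS.get(binding.get("role"))
        if role_perms is None:
            continue  # role outside the simplified table: skipped, not inferred
        for member in binding.get("members", []):
            perms.setdefault(member, set()).update(role_perms)
    return perms


def find_deployers_without_image_read(policy_json):
    """Members who can redeploy Cloud Run revisions but hold no image-read permission.

    Returns a sorted list of member strings; each one either needs
    roles/artifactregistry.reader (if it legitimately deploys) or should lose
    its deploy rights.
    """
    findings = []
    for member, perms in sorted(effective_permissions(policy_json).items()):
        if DEPLOY_PERMS <= perms and IMAGE_PULL_PERM not in perms:
            findings.append(member)
    return findings


if __name__ == "__main__":
    for member in find_deployers_without_image_read(SAMPLE_POLICY):
        print(f"review: {member} can deploy Cloud Run revisions but cannot read images")
```

To run it against a real project, replace SAMPLE_POLICY with the output of gcloud projects get-iam-policy PROJECT_ID --format=json and extend ROLE_PERMISSIONS from gcloud iam roles describe for each role the policy binds; repository-level and folder-level bindings are not visible in the project policy and need the same treatment separately.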
A Larger Cloud Security Risk: The Jenga Effect
Tenable classifies ImageRunner as an example of what it calls Jenga vulnerabilities, where security flaws arise due to the interdependent nature of cloud services. When one service is compromised, others built on top of it inherit the risk, leading to new privilege escalation pathways.
“Cloud providers stack their services on top of existing ones,” explains Tenable researcher Liv Matan. “If one layer is attacked, vulnerabilities cascade through the entire system, exposing new risks for defenders.”
Similar Cloud Security Concerns in Microsoft Azure
The disclosure of ImageRunner comes just weeks after cybersecurity firm Praetorian detailed multiple privilege escalation tactics within Microsoft Azure. They discovered ways a low-privileged user could abuse Azure virtual machines (VMs) to gain full control over an Azure subscription:
- Running commands on an Azure VM linked to an admin-level managed identity
- Logging into an Azure VM with high-privilege access
- Attaching an administrative managed identity to an existing VM
- Creating a new VM with elevated privileges and executing malicious commands
Once attackers obtain the Owner role for an Azure subscription, they can potentially escalate privileges further into Microsoft Entra ID (formerly Azure AD), even reaching Global Administrator access.
Cloud Security: A Growing Battlefield
The ImageRunner vulnerability underscores the increasing complexity of cloud security, where interconnected services create new privilege escalation opportunities. As cloud providers build services on top of existing infrastructure, attackers are constantly finding new ways to bypass security restrictions, highlighting the need for continuous monitoring, stricter access controls, and proactive threat detection.