Starting April 29, 2025, Gemini 1.5 Pro and Gemini 1.5 Flash models are not available in projects that have no prior usage of these models, including new projects. For details, see Model versions and lifecycle .

Security bulletins

The following describes all security bulletins related to Vertex AI.

GCP-2024-063

Published: 2024-12-06

Description	Severity	Notes
A vulnerability was discovered in the Vertex AI API serving Gemini multimodal requests, allowing bypass of VPC Service Controls . An attacker may be able to abuse the `fileURI` parameter of the API to exfiltrate data. What should I do? No actions needed. We've implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected. What vulnerabilities are being addressed? The Vertex AI API serving Gemini multimodal requests lets you include media files by specifying the URL of the media file in the `fileUri` parameter. This capability can be used to bypass VPC Service Controls perimeters. An attacker inside the service perimeter could encode sensitive data in the `fileURI` parameter to bypass the service perimeter.	Medium	CVE-2024-12236

Security bulletins Stay organized with collections Save and categorize content based on your preferences.

GCP-2024-063

Security bulletins