CVE-2025-13292
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-13292, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-06

Last updated on: 2025-12-08

Assigner: GoogleCloud

Description

A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in versionΒ 1-16-0-apigee-3.Β No user action is required for this.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-06
Last Modified
2025-12-08
Generated
2026-07-06
AI Q&A
2025-12-06
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
google apigee-x 1-16-0-apigee-3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations.

Impact Analysis

The vulnerability could allow attackers to access and modify sensitive analytics data and logs of other customers, potentially leading to data breaches, loss of data integrity, and exposure of confidential information.

Mitigation Strategies

Upgrade Apigee-X to version 1-16-0-apigee-3 or later, as this vulnerability has been patched in that version. No other user action is required.

Compliance Impact

The vulnerability allowed unauthorized read and write access to analytics data and access logs of other Apigee customer organizations, which could lead to data breaches and unauthorized data exposure. Such incidents can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls on data access and protection of personal and sensitive information. However, the vulnerability was patched in version 1-16-0-apigee-3, and no user action is required. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13292. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart