CVE-2025-13292
BaseFortify
Publication date: 2025-12-06
Last updated on: 2025-12-08
Assigner: GoogleCloud
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apigee-x | 1-16-0-apigee-3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations.
How can this vulnerability impact me? :
The vulnerability could allow attackers to access and modify sensitive analytics data and logs of other customers, potentially leading to data breaches, loss of data integrity, and exposure of confidential information.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Apigee-X to version 1-16-0-apigee-3 or later, as this vulnerability has been patched in that version. No other user action is required.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allowed unauthorized read and write access to analytics data and access logs of other Apigee customer organizations, which could lead to data breaches and unauthorized data exposure. Such incidents can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls on data access and protection of personal and sensitive information. However, the vulnerability was patched in version 1-16-0-apigee-3, and no user action is required. [1]