CVE-2025-13292
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-06

Last updated on: 2025-12-08

Assigner: GoogleCloud

Description
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in versionΒ 1-16-0-apigee-3.Β No user action is required for this.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-06
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-12-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13292
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
google apigee-x 1-16-0-apigee-3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations.

Impact Analysis

The vulnerability could allow attackers to access and modify sensitive analytics data and logs of other customers, potentially leading to data breaches, loss of data integrity, and exposure of confidential information.

Mitigation Strategies

Upgrade Apigee-X to version 1-16-0-apigee-3 or later, as this vulnerability has been patched in that version. No other user action is required.

Compliance Impact

The vulnerability allowed unauthorized read and write access to analytics data and access logs of other Apigee customer organizations, which could lead to data breaches and unauthorized data exposure. Such incidents can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls on data access and protection of personal and sensitive information. However, the vulnerability was patched in version 1-16-0-apigee-3, and no user action is required. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13292. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart