CVE-2025-13427
Unknown Unknown - Not Provided

Authentication Bypass in Google Dialogflow CX Messenger Enables Unauthorized Access

Vulnerability report for CVE-2025-13427, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: GoogleCloud

Description

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-07-06
AI Q&A
2025-12-19
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
google cloud_dialogflow 4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass in Google Cloud Dialogflow CX Messenger that allows unauthenticated users to interact with restricted chat agents. By manipulating initialization parameters or crafting specific API requests, attackers can gain access to the agents' knowledge and trigger their intents without proper authentication.

Impact Analysis

The vulnerability can allow unauthorized users to access restricted chat agents, potentially exposing sensitive information contained in the agents' knowledge base and enabling attackers to trigger actions or intents that should be protected. This could lead to information disclosure or unintended operations within the affected system.

Mitigation Strategies

Update to the latest version of Google Cloud Dialogflow CX Messenger released after August 20th, 2025, as these versions have been updated to protect from this vulnerability. No additional user action is required beyond applying this update.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13427. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart