CVE-2025-13427
Unknown Unknown - Not Provided
Authentication Bypass in Google Dialogflow CX Messenger Enables Unauthorized Access

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: GoogleCloud

Description
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-14
NVD
CVE-2025-13427
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
google cloud_dialogflow 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass in Google Cloud Dialogflow CX Messenger that allows unauthenticated users to interact with restricted chat agents. By manipulating initialization parameters or crafting specific API requests, attackers can gain access to the agents' knowledge and trigger their intents without proper authentication.

Impact Analysis

The vulnerability can allow unauthorized users to access restricted chat agents, potentially exposing sensitive information contained in the agents' knowledge base and enabling attackers to trigger actions or intents that should be protected. This could lead to information disclosure or unintended operations within the affected system.

Mitigation Strategies

Update to the latest version of Google Cloud Dialogflow CX Messenger released after August 20th, 2025, as these versions have been updated to protect from this vulnerability. No additional user action is required beyond applying this update.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13427. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart