Unauthorized Data Access in Apigee-X Product by Google
CVE-2025-13292

7.6HIGH

Key Information:

Vendor: Google Cloud
Status: Apigee-x
Vendor: CVE Published:; 6 December 2025

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2025-13292?

A critical flaw in Apigee-X enables unauthorized users to gain access to sensitive Apigee Analytics data and logs pertaining to other customer organizations. This vulnerability compromises the integrity of customer information and could lead to significant data exposure risks. The issue was addressed in release version 1-16-0-apigee-3, ensuring enhanced security and data protection. No user intervention is necessary for the patch.

Affected Version(s)

Apigee-X https://console.cloud.google.com/apigee/ 0 < 1-16-0-apigee-3

References

https://docs.cloud.google.com/apigee/docs/release-notes#O...

CVSS V4

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 6, 2025
Vulnerability Reserved
Nov 17, 2025

Credit

Omer Amiad

JSON