
Description

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. All versions after August 20th, 2025 have been updated to protect against this vulnerability. No user action is required.

PUBLISHED Reserved 2025-11-19 | Published 2025-12-18 | Updated 2025-12-19 | Assigner GoogleCloud




MEDIUM: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)

Problem types

CWE-287 Improper Authentication

Product status

Default status: unaffected

Any version: affected

Credits

asterfiester (reporter)

References

docs.cloud.google.com/dialogflow/docs/release-notes release-notes

cve.org (CVE-2025-13427)

nvd.nist.gov (CVE-2025-13427)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.