Authentication Bypass in Dialogflow CX Messenger_CVE-2025-13427

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Description

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests.

All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.

Basic Information

ID CVE-2025-13427

Source GoogleCloud

Published Dec 18, 2025 at 21:57

Affected Product

Vendor Google Cloud

Product Dialogflow CX Messenger

Affected Versions Google Cloud Dialogflow CX Messenger 0

CWE Classification

CWE-287

References

docs.cloud.google.com /dialogflow/docs/release-notes

{
    "lastseen": "",
    "description": "An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. \n\nAll versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.",
    "published": "2025-12-18T21:57:55.976Z",
    "modified": "2025-12-18T21:57:55.976Z",
    "type": "cve",
    "title": "Authentication Bypass in Dialogflow CX Messenger",
    "source": "GoogleCloud",
    "references": "https://docs.cloud.google.com/dialogflow/docs/release-notes#December_11_2025",
    "id": "CVE-2025-13427",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "Google Cloud Dialogflow CX Messenger 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dialogflow CX Messenger",
    "version": "0",
    "vendor": "Google Cloud",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}