PT-2025-49328 · Google · Apigee-X
Omer Amiad · Published 2025-12-06 · Updated 2026-02-03 · CVE-2025-13292
CVSS v4.0: 7.6 (High)
Vector: AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/U:Clear
Name of the Vulnerable Software and Affected Versions
Apigee-X versions prior to 1-16-0-apigee-3
Description
A security issue in Apigee-X could allow an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. The issue involves cross-tenant access, potentially exposing sensitive information such as JSON Web Tokens (JWTs) of end users.
Recommendations
Update to version 1-16-0-apigee-3 or later.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Apigee-X