PT-2025-52356 · Google · Dialogflow Cx Messenger
Asterfiester
·
Published
2025-12-18
·
Updated
2025-12-19
·
CVE-2025-13427
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Google Cloud Dialogflow CX Messenger versions prior to August 20th, 2025
Description
An authentication bypass issue in Google Cloud Dialogflow CX Messenger permitted unauthorized users to interact with restricted chat agents. This allowed access to the agents’ knowledge and the ability to trigger their intents through manipulation of initialization parameters or crafted API requests. The affected API endpoint is not specified. The vulnerable parameters or variables are not specified. The vulnerable function is not specified.
Recommendations
Update to a version released on or after August 20th, 2025.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dialogflow Cx Messenger