CVE-2025-13292

Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access.

Description

A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action is required for this.

INFO

Published Date :

2025-12-06T05:05:51.597Z

Last Modified :

2026-01-30T19:08:02.176Z

Source :

GoogleCloud

AFFECTED PRODUCTS

The following products are affected by CVE-2025-13292 vulnerability.

Vendors	Products
Google	Cloud Apigee-x

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-13292.

URL	Resource
https://docs.cloud.google.com/apigee/docs/release-notes#October_16_2025
https://focalsecurity.io/blog/gatewaytoheaven-gcp-cross-tenant-vulnerability/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability