Dialogflow CX Privilege Escalation via Webhook Agent Token
CVE-2025-12952 Published on December 10, 2025
Privilege Escalation in Dialogflow CX via Webhook Admin Role
A privilege escalation vulnerability existed in Google Cloud's Dialogflow CX.
Dialogflow agent developers holding the Webhook editor permission could configure a webhook to authenticate to its target using an access token issued for the Dialogflow service agent. Because that token is sent to the webhook endpoint and carries the service agent's project-level privileges, a developer who controls the endpoint obtains a credential well beyond their own agent-level role.
This allowed an attacker to escalate from agent-level to project-level privileges, granting unauthorized access to manage resources in services associated with the project and leading to unexpected costs and resource depletion for the producer project.
Google applied a server-side fix for this vulnerability in February 2025. No customer action is required.
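The escalation path above hinges on one webhook setting: which kind of service-agent credential the webhook sends to its target. The following audit script is an added example, not code from the advisory or from Google; it walks a `webhooks.list` response from the Dialogflow CX v3 API and flags every webhook configured with `serviceAgentAuth: ACCESS_TOKEN` whose target host is not on an allowlist, covering both direct and Service Directory-backed webhooks. The JSON payload, project and hostnames are constructed for the example, and the `.a.run.app` allowlist is an assumption about which targets a given project considers its own.

```python
"""Audit Dialogflow CX webhook definitions for service-agent access-token auth.

Added example. The JSON below is constructed to mirror the shape of a
projects.locations.agents.webhooks.list response (Dialogflow CX v3); the
project, agent and hostnames are made up.
"""
import json
from urllib.parse import urlparse

SAMPLE_WEBHOOKS_JSON = """
{
  "webhooks": [
    {"name": "projects/demo-project/locations/global/agents/agent-1/webhooks/wh-1",
     "displayName": "order-lookup",
     "genericWebService": {"uri": "https://order-lookup-abc123-uc.a.run.app/fulfill",
                           "serviceAgentAuth": "ID_TOKEN"}},
    {"name": "projects/demo-project/locations/global/agents/agent-1/webhooks/wh-2",
     "displayName": "analytics",
     "genericWebService": {"uri": "https://collector.example.net/hook",
                           "serviceAgentAuth": "ACCESS_TOKEN"}},
    {"name": "projects/demo-project/locations/global/agents/agent-1/webhooks/wh-3",
     "displayName": "internal-sd",
     "serviceDirectory": {
        "service": "projects/demo-project/locations/us-central1/namespaces/ns/services/svc",
        "genericWebService": {"uri": "https://10.0.0.5/hook",
                              "serviceAgentAuth": "ACCESS_TOKEN"}}},
    {"name": "projects/demo-project/locations/global/agents/agent-1/webhooks/wh-4",
     "displayName": "legacy-basic",
     "genericWebService": {"uri": "https://legacy.example.com/hook",
                           "username": "svc", "password": "redacted"}}
  ]
}
"""

# Assumption for the example: only the project's own Cloud Run services may
# receive a service-agent bearer token. Entries are matched as exact host or
# as a dotted suffix.
TRUSTED_HOST_SUFFIXES = (".a.run.app",)


def _generic_web_service(webhook):
    """Return the genericWebService block, direct or behind Service Directory."""
    if "genericWebService" in webhook:
        return webhook["genericWebService"]
    return webhook.get("serviceDirectory", {}).get("genericWebService", {})


def _host_trusted(uri, trusted_suffixes):
    host = urlparse(uri).hostname or ""
    return any(host == s.lstrip(".") or host.endswith(s) for s in trusted_suffixes)


def find_risky_webhooks(webhooks, trusted_suffixes=TRUSTED_HOST_SUFFIXES):
    """Flag webhooks that send the Dialogflow service agent's OAuth access token.

    An ID_TOKEN only asserts the caller's identity to the receiver; an
    ACCESS_TOKEN is a bearer credential usable against other Google Cloud APIs
    with the service agent's project-level permissions, so it is flagged
    whenever the target host is not on the trusted list.
    """
    findings = []
    for wh in webhooks:
        gws = _generic_web_service(wh)
        auth = gws.get("serviceAgentAuth", "NONE")
        uri = gws.get("uri", "")
        if auth == "ACCESS_TOKEN" and not _host_trusted(uri, trusted_suffixes):
            findings.append({
                "name": wh.get("name", ""),
                "displayName": wh.get("displayName", ""),
                "uri": uri,
                "serviceAgentAuth": auth,
            })
    return findings


def audit_json(payload, trusted_suffixes=TRUSTED_HOST_SUFFIXES):
    """Parse a webhooks.list response body and return the risky entries."""
    data = json.loads(payload)
    return find_risky_webhooks(data.get("webhooks", []), trusted_suffixes)


if __name__ == "__main__":
    for f in audit_json(SAMPLE_WEBHOOKS_JSON):
        print(f"RISK {f['displayName']}: {f['serviceAgentAuth']} sent to "
              f"{f['uri']} ({f['name']})")
```

To run it against a real agent, fetch the list with an authenticated request such as `curl -H "Authorization: Bearer $(gcloud auth print-access-token)" "https://dialogflow.googleapis.com/v3/projects/PROJECT/locations/global/agents/AGENT/webhooks"` (regional agents use the `REGION-dialogflow.googleapis.com` host) and pass the body to `audit_json`. Since the fix was applied on Google's side, this is an inventory and least-privilege check, not a patch: it tells you which endpoints are being handed a credential that acts with project-level authority, which is what you want to know regardless of the platform-side fix.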
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Versions
Google Cloud Dialogflow CX: versions before 2025-02 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.