Auth Bypass in Google Cloud Dialogflow CX Messenger via init params
CVE-2025-13427 Published on December 18, 2025
Authentication Bypass in Dialogflow CX Messenger
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests.
All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.
Weakness Type
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2025-13427 has been classified to as an authentification vulnerability or weakness.
Affected Versions
Google Cloud Dialogflow CX Messenger:- Before and including 2025-08-20 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.