QwikSec

Security Database

CVE

CWE

Training

CVE-2025-13292

Published: Dec 6, 2025

Modified: Jan 30, 2026

PUBLISHED

Description

A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action is required for this.

Vendor	Product	Versions
Google Cloud	Apigee-X	affected `0 - < 1-16-0-apigee-3`

Weaknesses (CWE)

References

https://docs.cloud.google.com/apigee/docs/release-notes#October_16_2025

https://focalsecurity.io/blog/gatewaytoheaven-gcp-cross-tenant-vulnerability/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.