Platform
other
Component
dialogflow-cx
Fixed in
2025-02
A privilege escalation vulnerability has been identified in Google Cloud's Dialogflow CX. This flaw allows Dialogflow agent developers with Webhook editor permission to leverage Dialogflow service agent access token authentication to escalate their privileges. This escalation grants unauthorized access to manage project resources, potentially leading to unexpected costs and resource depletion.
The primary impact of CVE-2025-12952 is the potential for unauthorized project-level access. An attacker exploiting this vulnerability could gain control over resources associated with the Dialogflow CX project, including the ability to modify agent configurations, access sensitive data processed by the agents, and potentially integrate with other Google Cloud services. This could result in significant financial losses due to unexpected resource consumption, data breaches, and disruption of business operations. While the description doesn't explicitly mention data exfiltration, the ability to modify agent configurations and access associated data creates a pathway for such actions. The blast radius extends to the entire producer project, as the attacker can manipulate resources beyond the scope of the initially compromised agent.
CVE-2025-12952 was publicly disclosed on December 10, 2025. As of the disclosure date, there is no indication of active exploitation or a public proof-of-concept. The vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is pending evaluation, but the potential for project-level access suggests a medium to high probability of exploitation if a suitable exploit is developed and widely distributed.
Exploit Status
EPSS
0.09% (26% percentile)
CISA SSVC
The vulnerability was addressed on the server side in February 2025, eliminating the need for immediate customer action. Google has implemented safeguards to prevent the exploitation of this privilege escalation path. While no specific rollback steps are necessary, it's recommended to review and audit Webhook configurations within Dialogflow CX to ensure adherence to the principle of least privilege. Regularly monitor Dialogflow CX activity logs for any suspicious or unauthorized changes. Google Cloud's security best practices for IAM roles and permissions should be consistently applied to minimize the potential for future privilege escalation vulnerabilities.
Google aplicó una solución en el lado del servidor en febrero de 2025. No se requiere ninguna acción por parte del cliente. Manténgase informado sobre las actualizaciones de seguridad de Google Cloud.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-12952 is a vulnerability in Google Cloud Dialogflow CX allowing developers to escalate privileges, potentially leading to project-level access and resource depletion.
If you use Dialogflow CX and have developers with Webhook editor permissions, you may be affected. However, a server-side fix was applied in February 2025.
The vulnerability has been fixed on the server side. No customer action is required, but review Webhook configurations and IAM roles for best practices.
As of December 10, 2025, there is no indication of active exploitation or public proof-of-concept.
Refer to the Google Cloud Security Bulletin for details: [https://cloud.google.com/security/bulletin](https://cloud.google.com/security/bulletin)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.