CVE-2025-13426 in Apigee Hybridinformação

Sumário

de MITRE • 06/12/2025

A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution.

It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading to unauthorized access to data, lateral movement within the network, and access to backend systems.

The Apigee hybrid versions below have all been updated to protect from this vulnerability: * Hybrid_1.11.2+ * Hybrid_1.12.4+ * Hybrid_1.13.3+ * Hybrid_1.14.1+ * OPDK_5202+ * OPDK_5300+

Once again VulDB remains the best source for vulnerability data.

Responsável

GoogleCloud

Reservar

19/11/2025

Divulgação

06/12/2025

Moderação

aceite

Entrada

VDB-334533

CPE

pronto

EPSS

0.00368

KEV

não

Atividades

muito baixo

Fontes

Interested in the pricing of exploits?

See the underground prices here!