Privilege escalation in Google Cloud Dialogflow Cx

CVE-2025-12952

A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allow…

Vulnerability class: Privilege Escalation

EPSS: 0.003 (21.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References