Apigee Hybrid Javacallout Policy
Approved changes feed: RSS · Atom
cpe:2.3:a:google_cloud:apigee_hybrid_javacallout_policy:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Google Cloud (34bf7c79-23c3-583b-8203-6d0252c54ec0) |
|---|---|
| Product | Apigee Hybrid Javacallout Policy (2cddd301-2200-5ee8-b0f8-e57c4ac6dbb3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-13426 |
vulnerable | 2026-06-03 14:58:46.048600 |
Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution.
It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading to unauthorized access to data, lateral movement within the network, and access to backend systems.
The Apigee hybrid versions below have all been updated to protect from this vulnerability:
* Hybrid_1.11.2+
* Hybrid_1.12.4+
* Hybrid_1.13.3+
* Hybrid_1.14.1+
* OPDK_5202+
* OPDK_5300+
Published: 2025-12-05T21:27:13.711Z
Updated: 2025-12-08T17:27:42.517Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.