CVE-2025-13426P2HIGHCVSS 8.7fixed in Hybrid_1.11.2·fixed in Hybrid_1.12.4+4 more2025-12-05
CVE-2025-13426 [HIGH] CWE-913 CVE-2025-13426: A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/r
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution.
It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading
nvd