CVE-2025-31481
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/04/2025
Last modified:
08/04/2025
Description
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://github.com/api-platform/core/commit/55712452b4f630978537bdb2a07dc958202336bb
- https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568
- https://github.com/api-platform/core/releases/tag/v3.4.17
- https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m