Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-31481
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-03 Apr, 2025 | 19:20
Updated At-08 Apr, 2025 | 13:14
Rejected At-
▼CVE Numbering Authority (CNA)
GraphQL query operations security can be bypassed

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.

Affected Products
Vendor
api-platform
Product
core
Versions
Affected
  • >= 4.0.0, < 4.0.22
  • < 3.4.17
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863: Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m
x_refsource_CONFIRM
https://github.com/api-platform/core/commit/55712452b4f630978537bdb2a07dc958202336bb
x_refsource_MISC
https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568
x_refsource_MISC
https://github.com/api-platform/core/releases/tag/v3.4.17
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found