ByteOS Network

NVD Vulnerability Details :

CVE-2025-53364

Awaiting Analysis

Source-security-advisories@github.com

Published At-10 Jul, 2025 | 16:15

Updated At-15 Jul, 2025 | 13:24

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. This vulnerability is fixed in 7.5.3 and 8.2.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-497	Primary	security-advisories@github.com

CWE ID: CWE-497

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/parse-community/parse-server/pull/9819	security-advisories@github.com	N/A
https://github.com/parse-community/parse-server/pull/9820	security-advisories@github.com	N/A
https://github.com/parse-community/parse-server/security/advisories/GHSA-48q3-prgv-gm4w	security-advisories@github.com	N/A