Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. Version 3.3.15 contains a patch for the issue.

INFO

Published Date :

2025-03-24T15:53:19.156Z

Last Modified :

2025-03-24T18:03:54.959Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-23204 vulnerability.

Vendors Products
Api-platform
  • Core
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23204.

URL Resource
https://github.com/api-platform/core/commit/dc4fc84ba93e22b4f44a37e90a93c6d079c1c620 cve-icon cve-icon
https://github.com/api-platform/core/pull/6444 cve-icon cve-icon
https://github.com/api-platform/core/pull/6444/files#diff-09e3c2cfe12a2ce65bd6c983c7ca6bfcf783f852b8d0554bb938e8ebf5e5fa65R56 cve-icon cve-icon
https://github.com/api-platform/core/security/advisories/GHSA-7mxx-3cgm-xxv3 cve-icon cve-icon
https://github.com/soyuka/core/blob/7e2e8f9ff322ac5f6eb5f65baf432bffdca0fd51/src/Symfony/Security/State/AccessCheckerProvider.php#L49-L57 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact