Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.

INFO

Published Date :

2025-04-03T19:20:22.916Z

Last Modified :

2025-04-08T13:14:36.379Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-31481 vulnerability.

Vendors Products
Api-platform
  • Core
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-31481.

URL Resource
https://github.com/api-platform/core/commit/55712452b4f630978537bdb2a07dc958202336bb cve-icon cve-icon
https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568 cve-icon cve-icon
https://github.com/api-platform/core/releases/tag/v3.4.17 cve-icon cve-icon
https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact