Description

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1.

INFO

Published Date :

2025-04-07T20:38:59.654Z

Last Modified :

2025-04-08T18:25:01.371Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32030 vulnerability.

Vendors Products
Apollographql
  • Apollo Gateway
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32030.

URL Resource
https://github.com/apollographql/federation/pull/3236 cve-icon cve-icon
https://github.com/apollographql/federation/releases/tag/%40apollo%2Fgateway%402.10.1 cve-icon cve-icon
https://github.com/apollographql/federation/security/advisories/GHSA-q2f9-x4p4-7xmh cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact