Description

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0.

INFO

Published Date :

2025-05-30T05:27:59.565Z

Last Modified :

2025-05-30T12:31:32.111Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48490 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48490.

URL Resource
https://github.com/Lomkit/laravel-rest-api/commit/88b14587b4efd7e59d7379658c606d325bb513b4 cve-icon cve-icon
https://github.com/Lomkit/laravel-rest-api/pull/172 cve-icon cve-icon
https://github.com/Lomkit/laravel-rest-api/security/advisories/GHSA-69rh-hccr-cxrj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability