Home > Vulnerability Database > CVE-2025-31481

Mend.io Vulnerability Database

CVE-2025-31481

Good to know:

Date: April 3, 2025

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17.

Severity Score

7.5

Related Resources (10)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-31481

Url: https://github.com/api-platform/core/commit/55712452b4f630978537bdb2a07dc958202336bb

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/api-platform/core/CVE-2025-31481.yaml

Url: https://github.com/api-platform/core/releases/tag/v3.4.17

Url: https://github.com/api-platform/core/releases/tag/v4.1.5

Url: https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568

Url: https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m

Url: https://github.com/api-platform/core

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/api-platform/graphql/CVE-2025-31481.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2025-31481

Severity Score

7.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version api-platform/graphql - v3.4.17;api-platform/graphql - v4.0.22;api-platform/core - v3.4.17;api-platform/core - v4.0.22

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-31481

Good to know:

Date: April 3, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?