Home > Vulnerability Database > CVE-2025-48490

Mend.io Vulnerability Database

CVE-2025-48490

Good to know:

Date: May 30, 2025

Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0.

Severity Score

7.5

Related Resources (6)

Url: https://github.com/Lomkit/laravel-rest-api/commit/88b14587b4efd7e59d7379658c606d325bb513b4

Url: https://github.com/Lomkit/laravel-rest-api/security/advisories/GHSA-69rh-hccr-cxrj

Url: https://github.com/Lomkit/laravel-rest-api/pull/172

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-48490

Url: https://github.com/Lomkit/laravel-rest-api

Url: https://www.mend.io/vulnerability-database/CVE-2025-48490

Severity Score

7.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Improper Use of Validation Framework

CWE-1173

Top Fix

Upgrade Version

Upgrade to version lomkit/laravel-rest-api - v2.13.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-48490

Good to know:

Date: May 30, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?