PT-2025-14792 · Unknown · Api Platform Core

Published 2025-04-03 · Updated 2026-01-13 · CVE-2025-31481

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

API Platform Core versions prior to 4.0.22

Description

The issue allows bypassing configured security on an operation using the Relay special node type in hypermedia-driven REST and GraphQL APIs.

Recommendations

For versions prior to 4.0.22, update to version 4.0.22 to resolve the issue.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2025-31481
GHSA-CG3C-245W-728M

Affected Products

Api Platform Core