CVE-2025-31485

Name of the Vulnerable Software and Affected Versions API Platform Core versions prior to 4.0.22

Description The issue concerns a caching problem in GraphQL grants on properties, which can lead to incorrect caching with different objects. The ApiPlatformGraphQlSerializerItemNormalizer::isCacheKeySafe() method is intended to prevent this caching issue, but the parent::normalize method still creates the cache key, causing the problem.

Recommendations For versions prior to 4.0.22, update to version 4.0.22 to resolve the issue. As a temporary workaround, consider disabling the parent::normalize method or restricting the caching of GraphQL grants on properties until the update is applied.