PT-2025-15295 · Unknown · Apollo Gateway

Jasonbarnett667 · Published 2025-04-07 · Updated 2025-08-01 · CVE-2025-32031

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apollo Gateway versions prior to 2.10.1

Description: Apollo Gateway's query planner includes an optimization that significantly speeds up planning for applicable GraphQL selections. A query that uses deeply nested and reused named fragments can generate many selections to which this optimization does not apply, so the planner falls back to its slow path for each of them and planning becomes prohibitively expensive. Because the cost is incurred at planning time, an operation that is small as text can consume disproportionate CPU and memory before any subgraph is contacted, leading to excessive resource consumption and denial of service. The CVSS vector (PR:N, UI:N, AV:N) reflects that any client able to submit operations to the gateway can trigger this without authentication.

Recommendations: For versions prior to 2.10.1, update to version 2.10.1 to resolve the issue. As a temporary workaround, restrict the use of deeply nested and reused named fragments in incoming queries (for example, by validating operations before they reach the query planner) to minimize the risk of excessive resource consumption and denial of service. Note that the workaround only limits exposure; the planner itself is fixed only in 2.10.1 and later.
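The workaround above asks operators to restrict deeply nested and reused named fragments, but the advisory does not say how to measure either. The following is an added example written for this page, not code from Apollo Gateway or the advisory author. It walks the fragment spread graph of a GraphQL document and reports two numbers the planner cost tracks: the deepest chain of named fragments, and the number of fragment expansions a planner would materialise if it inlined every spread (reuse multiplies this count while the document text stays small). Assumptions: the document is syntactically valid GraphQL, a small brace-matching scanner is used instead of a full parser, and the thresholds in `LIMITS` are hypothetical values a deployment would tune.

```javascript
// Added example (not Apollo Gateway's own code): a pre-planning guard that
// measures fragment nesting and reuse and rejects the operation before the
// query planner sees it. Thresholds are hypothetical.
const LIMITS = { maxDepth: 4, maxExpansions: 50 };

// Collect `fragment Name on Type { ... }` definitions by matching braces.
// Returns the fragment bodies and the operation text with definitions removed.
function splitDocument(doc) {
  const fragments = new Map();
  const ranges = [];
  const re = /\bfragment\s+([A-Za-z_]\w*)\s+on\s+[A-Za-z_]\w*\s*\{/g;
  let m;
  while ((m = re.exec(doc)) !== null) {
    const bodyStart = re.lastIndex; // index just after the opening brace
    let depth = 1;
    let i = bodyStart;
    while (i < doc.length && depth > 0) {
      if (doc[i] === '{') depth += 1;
      else if (doc[i] === '}') depth -= 1;
      i += 1;
    }
    fragments.set(m[1], doc.slice(bodyStart, i - 1));
    ranges.push([m.index, i]);
  }
  // Strip definitions back to front so earlier indices stay valid.
  let operation = doc;
  for (const [s, e] of ranges.reverse()) operation = operation.slice(0, s) + operation.slice(e);
  return { fragments, operation };
}

// Named fragment spreads in a selection text; inline `... on Type` is skipped.
function spreadsIn(text) {
  const names = [];
  const re = /\.\.\.\s*([A-Za-z_]\w*)/g;
  let m;
  while ((m = re.exec(text)) !== null) if (m[1] !== 'on') names.push(m[1]);
  return names;
}

// Walk the spread graph from the operation. depth = longest chain of named
// fragments; expansions = spreads materialised when every spread is inlined.
function analyzeFragments(doc) {
  const { fragments, operation } = splitDocument(doc);
  const memo = new Map();
  const onPath = new Set();
  let cyclic = false;

  function visit(name) {
    if (memo.has(name)) return memo.get(name);
    if (onPath.has(name)) { cyclic = true; return { depth: 0, expansions: 0 }; }
    const body = fragments.get(name);
    if (body === undefined) return { depth: 0, expansions: 0 }; // undefined spread: validation rejects it anyway
    onPath.add(name);
    let depth = 0;
    let expansions = 0;
    for (const child of spreadsIn(body)) {
      const r = visit(child);
      depth = Math.max(depth, r.depth);
      expansions += r.expansions;
    }
    onPath.delete(name);
    const result = { depth: depth + 1, expansions: expansions + 1 };
    memo.set(name, result);
    return result;
  }

  let maxDepth = 0;
  let expansions = 0;
  for (const name of spreadsIn(operation)) {
    const r = visit(name);
    maxDepth = Math.max(maxDepth, r.depth);
    expansions += r.expansions;
  }
  return { definedFragments: fragments.size, maxDepth, expansions, cyclic };
}

// Gate an operation before planning. Returns { ok, reason, stats }.
function checkFragmentBudget(doc, limits = LIMITS) {
  const stats = analyzeFragments(doc);
  if (stats.cyclic) return { ok: false, reason: 'cyclic fragment spread', stats };
  if (stats.maxDepth > limits.maxDepth) {
    return { ok: false, reason: `fragment nesting depth ${stats.maxDepth} exceeds ${limits.maxDepth}`, stats };
  }
  if (stats.expansions > limits.maxExpansions) {
    return { ok: false, reason: `${stats.expansions} fragment expansions exceed ${limits.maxExpansions}`, stats };
  }
  return { ok: true, reason: 'within budget', stats };
}

// Constructed sample: each level spreads the next fragment twice, so the
// number of expanded selections doubles per level (63 here) while the text
// stays a few lines long.
const NESTED_REUSE_QUERY = `
  query Probe { product(id: "1") { ...L1 } }
  fragment L1 on Product { ...L2 ...L2 }
  fragment L2 on Product { ...L3 ...L3 }
  fragment L3 on Product { ...L4 ...L4 }
  fragment L4 on Product { ...L5 ...L5 }
  fragment L5 on Product { ...L6 ...L6 }
  fragment L6 on Product { name price }
`;

// Constructed sample of an ordinary query that should pass.
const SIMPLE_QUERY = `
  query Simple { product(id: "1") { ...Core } }
  fragment Core on Product { name ... on Product { price } }
`;

console.log(checkFragmentBudget(NESTED_REUSE_QUERY).reason);
console.log(checkFragmentBudget(SIMPLE_QUERY).reason);
```

The expansion count, not the fragment count or the byte size of the request, is the quantity to budget: the nested sample defines only six fragments and is shorter than many legitimate operations, yet it forces 63 fragment expansions. Run this check in a validation rule or a plugin hook that executes before query planning, and reject over-budget operations with a client error rather than letting them reach the planner.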

Tags: Exploit · Fix · DoS

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers: CVE-2025-32031, GHSA-P2Q6-PWH5-M6JR

Affected Products: Apollo Gateway