PT-2025-15756 · Apollo · Apollo Router

Yo-Artyom · Published 2025-04-07 · Updated 2025-04-14
CVE-2025-32380 · CVSS v3.1: 7.5 (High) · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apollo Router 1.x prior to 1.61.2; Apollo Router 2.x prior to 2.1.1
Description: A vulnerability in Apollo Router's use of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate: the validator re-traversed a named fragment at every spread site, so a chain of fragments that each spread the next one several times multiplied the validation work at every level. Because validation happens before execution and needs no authentication (PR:N in the vector), an unauthenticated client can send such a query and cause excessive resource consumption and denial of service. The issue has been remediated by updating the validation logic to process each named fragment only once, preventing redundant traversal.
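To make the failure mode concrete, the following is an added illustrative example written for this page; it is not Apollo Router or apollo-compiler code. It builds a constructed GraphQL document in which each named fragment spreads the next one twice, then compares a validator that re-enters a fragment at every spread site (the pre-fix behaviour described above) with one that processes each named fragment once (the fix described above). The toy regex parser, the function names, and the budget check in exceeds_budget are assumptions of this example (the advisory's only remediation is upgrading); the counts model traversal work, not apollo-compiler's real cost.

```python
"""Constructed model of the failure mode behind CVE-2025-32380.

A document validator that descends into a named fragment at every spread site
does exponential work on a chain of fragments that each spread the next one
twice; a validator that processes each named fragment once does linear work.
This is an illustrative toy written for this page, not Apollo Router or
apollo-compiler code, and its counts model traversal work, not real timings.
"""
import re
from typing import Dict, FrozenSet, List, Tuple

# Toy parser: assumes flat fragment bodies (no nested braces), which is all
# the constructed input below uses.
FRAGMENT_RE = re.compile(r"fragment\s+(\w+)\s+on\s+\w+\s*\{([^{}]*)\}")
SPREAD_RE = re.compile(r"\.\.\.\s*(\w+)")


def build_chain_query(depth: int, fanout: int = 2) -> str:
    """Constructed input: the operation spreads F0; each F{i} spreads F{i+1}
    `fanout` times; F{depth} is a leaf. Every fragment is valid GraphQL."""
    lines = ["query Probe { ...F0 }"]
    for i in range(depth + 1):
        spreads = " ".join(f"...F{i + 1}" for _ in range(fanout)) if i < depth else ""
        lines.append(f"fragment F{i} on Query {{ __typename {spreads} }}")
    return "\n".join(lines)


def parse_fragments(document: str) -> Dict[str, List[str]]:
    """Map each named fragment to the fragment spreads in its selection set."""
    return {name: SPREAD_RE.findall(body) for name, body in FRAGMENT_RE.findall(document)}


def naive_visits(fragments: Dict[str, List[str]], start: str = "F0",
                 _path: Tuple[str, ...] = ()) -> int:
    """Pre-fix behaviour: re-enter a fragment at every spread site.
    Returns the number of fragment entries; with fanout 2 and depth d that is
    2**(d+1) - 1. The path check only keeps the toy terminating on cycles."""
    if start in _path:
        return 0
    count = 1
    for spread in fragments.get(start, []):
        count += naive_visits(fragments, spread, _path + (start,))
    return count


def memoized_visits(fragments: Dict[str, List[str]], start: str = "F0") -> int:
    """Post-fix behaviour: process each named fragment once no matter how many
    spreads reference it. Returns the number of fragments entered (d + 1)."""
    seen = set()
    stack = [start]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        stack.extend(fragments.get(name, []))
    return len(seen)


def estimate_naive_cost(fragments: Dict[str, List[str]], start: str = "F0") -> int:
    """Linear-time estimate of what naive_visits would do, computed with
    memoization. Assumes an acyclic fragment graph, which GraphQL validation
    requires anyway (cyclic inputs are cut off rather than expanded)."""
    memo: Dict[str, int] = {}

    def cost(name: str, path: FrozenSet[str]) -> int:
        if name in memo:
            return memo[name]
        if name in path:
            return 0
        total = 1 + sum(cost(s, path | {name}) for s in fragments.get(name, []))
        memo[name] = total
        return total

    return cost(start, frozenset())


def exceeds_budget(document: str, budget: int = 10_000) -> bool:
    """Hypothetical gateway-side pre-check (not from the advisory): reject a
    document whose naive fragment expansion would exceed `budget` entries."""
    fragments = parse_fragments(document)
    first = FRAGMENT_RE.search(document)
    head = document[:first.start()] if first else document  # operation text only
    return sum(estimate_naive_cost(fragments, s) for s in SPREAD_RE.findall(head)) > budget


if __name__ == "__main__":
    for depth in (4, 8, 12):
        frags = parse_fragments(build_chain_query(depth))
        print(depth, naive_visits(frags), memoized_visits(frags), estimate_naive_cost(frags))
```

With fanout 2 the naive entry count doubles per level: a document of thirteen one-line fragments already drives the re-traversing validator past 16,000 fragment entries while the once-per-fragment validator touches 14, which is why the fix is the traversal change rather than a size limit on the request body.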
Recommendations: For Apollo Router 1.x prior to 1.61.2, update to version 1.61.2 or later. For Apollo Router 2.x prior to 2.1.1, update to version 2.1.1 or later.

Weakness Enumeration: Allocation of Resources Without Limits or Throttling (CWE-770)
Related Identifiers: CVE-2025-32380; GHSA-3J43-9V8V-CP3F
Affected Products: Apollo Router