PT-2025-19788 · Keystone · Keystone

Emmatown · Published 2025-05-05 · Updated 2026-05-04 · CVE-2025-46720

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Keystone versions prior to 6.5.0

Description

Keystone, a content management system for Node.js, has an issue where {field}.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used to probe the existence or value of otherwise unreadable fields. This affects projects relying on the default or dynamic isFilterable behavior to prevent external users from using field filtering as a discovery mechanism. Access control is not completely enforced during update and delete mutations when more than one unique where value is accepted in filters.

Recommendations

For versions prior to 6.5.0, mitigate this issue by setting isFilterable: false statically for relevant fields, which prevents filtering by them earlier in the access control pipeline. Alternatively, set {field}.graphql.omit.read: true for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema. Additionally, consider denying update and delete operations for the relevant lists completely.
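
The following is an added example, not code from Keystone or from this advisory: a small audit that checks which sensitive fields are still not covered by either field-level mitigation above. It assumes you can pass it the plain options objects given to your field constructors; the helper names, the User list and its field names are constructed for illustration.

```javascript
// Added example. Helper, list and field names are constructed for illustration.

// Classify the options object of one field (the object handed to a field
// constructor) against the two field-level mitigations named on this page.
function classifyField(options) {
  const omit = options.graphql && options.graphql.omit;
  // graphql.omit.read: true drops the field's filters from the GraphQL schema.
  // Assumption: a bare omit: true omits every operation, read included.
  if (omit === true || (omit && omit.read === true)) return 'omitted';
  if (options.isFilterable === false) return 'static-false';
  if (typeof options.isFilterable === 'function') return 'dynamic';
  if (options.isFilterable === true) return 'static-true';
  return 'default'; // nothing set: the field inherits the default behavior
}

const MITIGATED = new Set(['omitted', 'static-false']);

// Return every sensitive field that is not covered by one of the two
// field-level mitigations (static isFilterable: false, or omitted from read).
function auditFilterExposure(lists, sensitive) {
  const findings = [];
  for (const [listKey, names] of Object.entries(sensitive)) {
    const fields = (lists[listKey] && lists[listKey].fields) || {};
    for (const name of names) {
      const status = name in fields ? classifyField(fields[name]) : 'unknown-field';
      if (!MITIGATED.has(status)) findings.push({ list: listKey, field: name, status });
    }
  }
  return findings;
}

// Constructed sample: one list with a mix of weak and corrected settings.
const SAMPLE_LISTS = {
  User: {
    fields: {
      name: {},
      resetToken: { isFilterable: ({ session }) => Boolean(session) }, // weak: dynamic
      apiKey: {},                                                      // weak: default
      recoveryCode: { isFilterable: false },                           // corrected
      internalNote: { graphql: { omit: { read: true } } },             // corrected
    },
  },
};
const SENSITIVE = { User: ['resetToken', 'apiKey', 'recoveryCode', 'internalNote'] };

for (const f of auditFilterExposure(SAMPLE_LISTS, SENSITIVE)) {
  console.log(`${f.list}.${f.field}: ${f.status}`);
}
```
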

Exploit

Fix

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2025-46720
GHSA-HG9M-67MM-7PG3

Affected Products

Keystone