PT-2025-23138 · Laravel · Laravel Rest Api

Gautierdeleau · Published 2025-05-27 · Updated 2025-05-30 · CVE-2025-48490

CVSS v4.0: 6.6 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions: Laravel Rest Api versions prior to 2.13.0

Description: A validation bypass issue was discovered where multiple validations defined for the same attribute could be silently overridden. This occurs due to how the framework merges validation rules across multiple contexts, such as index, store, and update actions. Malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed.

Recommendations: For versions prior to 2.13.0, update to version 2.13.0 to resolve the issue. As a temporary workaround, consider reviewing and manually merging validation rules to prevent silent overrides until the patch can be applied. Restrict access to sensitive API endpoints to minimize the risk of exploitation. Avoid using overlapping validation rules for the same attribute in different contexts until the issue is resolved.
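An added illustration of the kind of silent override the advisory describes and of the "manually merge the rules" workaround; this is not code from Laravel Rest Api or Laravel, and the merge functions, rule sets and context names are assumptions constructed for the example (rules are assumed to be strings or arrays of strings):

```php
<?php
// Added example, not the library's code: merging per-context validation rule
// sets with plain array_merge() lets a later context replace an earlier
// context's rules for the same attribute, so a constraint disappears without
// any error. A per-attribute union keeps every constraint from every context.

/** Normalise "a|b" and ['a', 'b'] forms into one list of rule strings per attribute. */
function normalizeRules(array $rules): array
{
    $out = [];
    foreach ($rules as $attribute => $ruleList) {
        $out[$attribute] = is_string($ruleList) ? explode('|', $ruleList) : array_values($ruleList);
    }
    return $out;
}

/** Override semantics: a later context that names the same attribute wins outright. */
function mergeByOverride(array ...$contexts): array
{
    return array_merge(...array_map('normalizeRules', $contexts));
}

/** Union semantics: rules for the same attribute are combined, never replaced. */
function mergeByUnion(array ...$contexts): array
{
    $merged = [];
    foreach ($contexts as $context) {
        foreach (normalizeRules($context) as $attribute => $ruleList) {
            $merged[$attribute] = array_values(array_unique(array_merge($merged[$attribute] ?? [], $ruleList)));
        }
    }
    return $merged;
}

// Constructed rule sets: one shared by every action, one specific to the store action.
$shared = ['role' => 'in:user,editor', 'email' => 'required|email'];
$store  = ['role' => ['sometimes', 'string'], 'password' => 'required|min:12'];

$overridden = mergeByOverride($shared, $store);
$unioned    = mergeByUnion($shared, $store);

// Defender's check: the allow-list on "role" must survive the merge.
foreach (['override' => $overridden, 'union' => $unioned] as $strategy => $rules) {
    $kept = in_array('in:user,editor', $rules['role'], true) ? 'kept' : 'LOST';
    echo "$strategy merge: role rules = [" . implode(', ', $rules['role']) . "] -> allow-list $kept\n";
}
```

Run with `php` on the command line; the override strategy reports the allow-list as lost while the union strategy keeps it next to the store-specific rules.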

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-48490
GHSA-69RH-HCCR-CXRJ

Affected Products

Laravel Rest Api