PT-2025-29105 · Unknown · Parse Server
Moumouls +1 · Published 2025-07-10 · Updated 2025-07-16 · CVE-2025-53364
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Parse Server versions 5.3.0 through 7.5.3
Parse Server version 8.2.2
Description:
Parse Server’s GraphQL API allowed public access to the GraphQL schema without requiring a session token or the master key in versions 5.3.0 through 7.5.3 and 8.2.2. Schema introspection reveals metadata, which can expand the potential attack surface.
Recommendations:
Update to Parse Server version 7.5.3 or later.
Update to Parse Server version 8.2.2 or later.
Affected Products
Parse Server