CVE-2025-31485: GraphQL grant on a property might be cached with different objects
The GraphQL grant on a property might be cached with different objects, so it grants access to properties that it should not.
References
- github.com/advisories/GHSA-428q-q3vv-3fq3
- github.com/api-platform/core
- github.com/api-platform/core/commit/7af65aad13037d7649348ee3dcd88e084ef771f8
- github.com/api-platform/core/commit/cba3acfbd517763cf320167250c5bed6d569696a
- github.com/api-platform/core/releases/tag/v3.4.17
- github.com/api-platform/core/security/advisories/GHSA-428q-q3vv-3fq3
- nvd.nist.gov/vuln/detail/CVE-2025-31485
Detect and mitigate CVE-2025-31485 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.