Security Flaw in API Platform Core Affecting Multiple Versions by API Platform
CVE-2025-23204

4.4 MEDIUM

Key Information:

Status
Vendor
CVE Published: 24 March 2025

What is CVE-2025-23204?

A security issue has been identified in API Platform Core, primarily affecting versions starting from 3.3.8. The flaw arises from a misconfiguration in how security checks are handled after GraphQL resolvers execute. Because the intended security check can be overridden by a fallback that may not be properly enforced, the issue creates a potential security risk when specific conditions are met. As of the latest available information, no patched version is available to rectify this vulnerability.

Affected Version(s)

core >= 3.3.8, < 3.3.15

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
