Security Flaw in API Platform Core Affecting Multiple Versions by API Platform
CVE-2025-23204
4.4 MEDIUM
What is CVE-2025-23204?
A security issue has been identified in API Platform Core, primarily affecting versions starting from 3.3.8. The flaw arises from a misconfiguration in how security checks are handled after GraphQL resolvers execute. Because the intended security check can be overridden by a fallback that may not be properly enforced, the issue creates a potential security risk when specific conditions are met. As of the latest available information, no patched version is available to rectify this vulnerability.
Affected Version(s)
core >= 3.3.8, < 3.3.15
