Validation Bypass in Laravel Rest API Affects Multiple Versions
CVE-2025-48490

6.6 MEDIUM

Key Information:

Vendor: Lomkit

CVE Published: 30 May 2025

What is CVE-2025-48490?

A vulnerability in Laravel Rest API allows a validation bypass: when multiple validations are defined for the same attribute, one can silently override the others. Attackers can craft requests that circumvent the expected validation and inject harmful or unexpected parameters into the application. The flaw arises from the way the framework merges validation rules across different actions, which can lead to unauthorized data being accepted and processed. The vulnerability has been resolved in version 2.13.0.
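The override described above can be reproduced with a simplified model of rule merging. This is an added example, not code from Laravel Rest API or from its 2.13.0 fix; the rule sets, attribute names and function names are hypothetical, and accumulating rules is shown only as one way to keep every declared constraint.

```php
<?php
// Constructed rule sets for two actions; attributes and rules are hypothetical.
$storeRules  = ['email' => ['required', 'email'], 'role' => ['in:user,editor']];
$updateRules = ['role' => ['sometimes', 'string'], 'name' => ['string', 'max:80']];

// Weak merge: for a duplicate string key, array_merge keeps only the later
// value, so the 'in:user,editor' constraint on 'role' is dropped without error.
function mergeOverriding(array ...$sets): array
{
    return array_merge(...$sets);
}

// Hardened merge: rules for the same attribute are accumulated, so every
// constraint declared in any rule set still applies after merging.
function mergeAccumulating(array ...$sets): array
{
    $merged = [];
    foreach ($sets as $set) {
        foreach ($set as $attribute => $rules) {
            $merged[$attribute] = array_values(array_unique(
                array_merge($merged[$attribute] ?? [], (array) $rules)
            ));
        }
    }
    return $merged;
}

// Review aid: list attributes that are declared in more than one rule set,
// which are the ones a key-overriding merge would silently weaken.
function duplicatedAttributes(array ...$sets): array
{
    $counts = [];
    foreach ($sets as $set) {
        foreach (array_keys($set) as $attribute) {
            $counts[$attribute] = ($counts[$attribute] ?? 0) + 1;
        }
    }
    return array_keys(array_filter($counts, fn (int $n): bool => $n > 1));
}

// Compare what survives for 'role' under each merge, then list the overlaps.
print_r(mergeOverriding($storeRules, $updateRules)['role']);
print_r(mergeAccumulating($storeRules, $updateRules)['role']);
print_r(duplicatedAttributes($storeRules, $updateRules));
```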

Affected Version(s)

laravel-rest-api < 2.13.0

CVSS V4

Score: 6.6
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
