CVE-2025-31481 Information

Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22.

Reference

https://github.com/api-platform/core/commit/60747cc8c2fb855798c923b5537888f8d0969568 https://github.com/api-platform/core/security/advisories/GHSA-cg3c-245w-728m