CVE-2025-27407 - Vulnerability Details

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Satellite

No data.

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.14 for RHEL 8
rubygem-graphql-0:1.13.24-1.el8sat	cpe:/a:redhat:satellite:6.14::el8	RHSA-2025:3492	2025-04-01T00:00:00Z
Red Hat Satellite 6.15 for RHEL 8
rubygem-graphql-0:1.13.24-1.el8sat	cpe:/a:redhat:satellite:6.15::el8	RHSA-2025:3491	2025-04-01T00:00:00Z
Red Hat Satellite 6.16 for RHEL 8
rubygem-graphql-0:1.13.24-1.el8sat	cpe:/a:redhat:satellite:6.16::el8	RHSA-2025:3490	2025-04-01T00:00:00Z
Red Hat Satellite 6.16 for RHEL 9
rubygem-graphql-0:1.13.24-1.el9sat	cpe:/a:redhat:satellite:6.16::el9	RHSA-2025:3490	2025-04-01T00:00:00Z

References

Link	Providers
https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
https://github.com/github-community-projects/graphql-client
https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd
https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f
https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be
https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca
https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb
https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c
https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367
https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492
https://nvd.nist.gov/vuln/detail/CVE-2025-27407
https://www.cve.org/CVERecord?id=CVE-2025-27407

History

Wed, 02 Apr 2025 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat satellite
CPEs		cpe:/a:redhat:satellite:6.14::el8 cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9
Vendors & Products		Redhat Redhat satellite

Fri, 14 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-27407 https://www.cve.org/CVERecord?id=CVE-2025-27407
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 12 Mar 2025 21:00:00 +0000

Type	Values Removed	Values Added
References		https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released

Wed, 12 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 12 Mar 2025 18:30:00 +0000

Type	Values Removed	Values Added
Description		graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.
Title		Remote code execution when loading a crafted GraphQL schema
Weaknesses		CWE-94
References		https://github.com/github-community-projects/graphql-client https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367 https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-03-12T18:15:57.957Z

Updated: 2025-03-12T20:47:41.948Z

Reserved: 2025-02-24T15:51:17.268Z

Link: CVE-2025-27407

Vulnrichment

Updated: 2025-03-12T18:41:44.359Z

NVD

Status : Awaiting Analysis

Published: 2025-03-12T19:15:40.597

Modified: 2025-03-12T21:15:42.560

Link: CVE-2025-27407

Redhat

Severity : Important

Publid Date: 2025-03-12T18:15:57Z

Links: CVE-2025-27407 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27407", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-24T15:51:17.268Z", "datePublished": "2025-03-12T18:15:57.957Z", "dateUpdated": "2025-03-12T20:47:41.948Z"}, "containers": {"cna": {"title": "Remote code execution when loading a crafted GraphQL schema", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492"}, {"name": "https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd", "tags": ["x_refsource_MISC"], "url": "https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd"}, {"name": "https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f", "tags": ["x_refsource_MISC"], "url": "https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f"}, {"name": "https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be", "tags": ["x_refsource_MISC"], "url": "https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be"}, {"name": "https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca", "tags": ["x_refsource_MISC"], "url": "https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca"}, {"name": "https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb", "tags": ["x_refsource_MISC"], "url": "https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb"}, {"name": "https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c", "tags": ["x_refsource_MISC"], "url": "https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c"}, {"name": "https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367", "tags": ["x_refsource_MISC"], "url": "https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367"}, {"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", "tags": ["x_refsource_MISC"], "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"}, {"name": "https://github.com/github-community-projects/graphql-client", "tags": ["x_refsource_MISC"], "url": "https://github.com/github-community-projects/graphql-client"}], "affected": [{"vendor": "rmosolgo", "product": "graphql-ruby", "versions": [{"version": ">= 1.11.5, < 1.11.8", "status": "affected"}, {"version": ">= 1.12.0, < 1.12.25", "status": "affected"}, {"version": ">= 1.13.0, < 1.13.24", "status": "affected"}, {"version": ">= 2.0.0, < 2.0.32", "status": "affected"}, {"version": ">= 2.1.0, < 2.1.14", "status": "affected"}, {"version": ">= 2.2.0, < 2.2.17", "status": "affected"}, {"version": ">= 2.3.0, < 2.3.21", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-12T20:47:41.948Z"}, "descriptions": [{"lang": "en", "value": "graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue."}], "source": {"advisory": "GHSA-q92j-grw3-h492", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-12T18:41:38.718466Z", "id": "CVE-2025-27407", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T18:42:08.976Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27407", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-12T18:41:38.718466Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T18:41:44.359Z"}}], "cna": {"title": "Remote code execution when loading a crafted GraphQL schema", "source": {"advisory": "GHSA-q92j-grw3-h492", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "rmosolgo", "product": "graphql-ruby", "versions": [{"status": "affected", "version": ">= 1.11.5, < 1.11.8"}, {"status": "affected", "version": ">= 1.12.0, < 1.12.25"}, {"status": "affected", "version": ">= 1.13.0, < 1.13.24"}, {"status": "affected", "version": ">= 2.0.0, < 2.0.32"}, {"status": "affected", "version": ">= 2.1.0, < 2.1.14"}, {"status": "affected", "version": ">= 2.2.0, < 2.2.17"}, {"status": "affected", "version": ">= 2.3.0, < 2.3.21"}]}], "references": [{"url": "https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492", "name": "https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd", "name": "https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f", "name": "https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be", "name": "https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca", "name": "https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb", "name": "https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c", "name": "https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367", "name": "https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367", "tags": ["x_refsource_MISC"]}, {"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/github-community-projects/graphql-client", "name": "https://github.com/github-community-projects/graphql-client", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-12T20:47:41.948Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27407", "state": "PUBLISHED", "dateUpdated": "2025-03-12T20:47:41.948Z", "dateReserved": "2025-02-24T15:51:17.268Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-03-12T18:15:57.957Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue."}], "id": "CVE-2025-27407", "lastModified": "2025-03-12T21:15:42.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-03-12T19:15:40.597", "references": [{"source": "security-advisories@github.com", "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"}, {"source": "security-advisories@github.com", "url": "https://github.com/github-community-projects/graphql-client"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367"}, {"source": "security-advisories@github.com", "url": "https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3492", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "impact": "important", "package": "rubygem-graphql-0:1.13.24-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3491", "cpe": "cpe:/a:redhat:satellite:6.15::el8", "impact": "important", "package": "rubygem-graphql-0:1.13.24-1.el8sat", "product_name": "Red Hat Satellite 6.15 for RHEL 8", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3490", "cpe": "cpe:/a:redhat:satellite:6.16::el8", "impact": "important", "package": "rubygem-graphql-0:1.13.24-1.el8sat", "product_name": "Red Hat Satellite 6.16 for RHEL 8", "release_date": "2025-04-01T00:00:00Z"}, {"advisory": "RHSA-2025:3490", "cpe": "cpe:/a:redhat:satellite:6.16::el9", "impact": "important", "package": "rubygem-graphql-0:1.13.24-1.el9sat", "product_name": "Red Hat Satellite 6.16 for RHEL 9", "release_date": "2025-04-01T00:00:00Z"}], "bugzilla": {"description": "graphql-ruby: Remote code execution when loading a crafted GraphQL schema", "id": "2351767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351767"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-94", "details": ["graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.", "A flaw was found in graphql-ruby. In affected versions of graphq-ruby, loading a malicious schema definition in the `GraphQL::Schema.from_introspection` or the `GraphQL::Schema::Loader.load` can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection."], "mitigation": {"lang": "en:us", "value": "A successful exploitation of this flaw requires GraphQL schema loading. Limiting the schema loading to trusted or authenticated users will limit the impact of the vulnerability. Coupling that with a strict input validation for all GraphQL schema being loaded would reduce the risk of a successful attack and cover as a possible mitigation strategy for this vulnerability."}, "name": "CVE-2025-27407", "public_date": "2025-03-12T18:15:57Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-27407\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27407\nhttps://github.com/github-community-projects/graphql-client\nhttps://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd\nhttps://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f\nhttps://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be\nhttps://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca\nhttps://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb\nhttps://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c\nhttps://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367\nhttps://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492"], "statement": "This vulnerability is marked as Important rather than Critical because interaction with the vulnerable GraphQL library is restricted to only authenticated users in Red Hat Satellite. Satellite does not dynamically load schemas from external sources, further reducing the feasibility of exploitation.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object