{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32033", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-01T21:57:32.958Z", "datePublished": "2025-04-07T20:48:19.504Z", "dateUpdated": "2025-04-08T13:31:44.219Z"}, "containers": {"cna": {"title": "Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow", "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "lang": "en", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/apollographql/router/security/advisories/GHSA-84m6-5m72-45fp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/apollographql/router/security/advisories/GHSA-84m6-5m72-45fp"}, {"name": "https://github.com/apollographql/router/commit/ab6675a63174715ea6ff50881fc957831d4e9564", "tags": ["x_refsource_MISC"], "url": "https://github.com/apollographql/router/commit/ab6675a63174715ea6ff50881fc957831d4e9564"}, {"name": "https://github.com/apollographql/router/commit/bba032e183b861348a466d3123c7137a1ae18952", "tags": ["x_refsource_MISC"], "url": "https://github.com/apollographql/router/commit/bba032e183b861348a466d3123c7137a1ae18952"}], "affected": [{"vendor": "apollographql", "product": "router", "versions": [{"version": "< 1.61.2", "status": "affected"}, {"version": ">= 2.0.0-alpha.0, < 2.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-07T20:48:19.504Z"}, "descriptions": [{"lang": "en", "value": "The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's height). If a counter exceeded the maximum value for this data type (4,294,967,295), it wrapped around to 0, unintentionally allowing queries to bypass configured thresholds. This could occur for large queries if the payload limit were sufficiently increased, but could also occur for small queries with deeply nested and reused named fragments. This has been remediated in apollo-router versions 1.61.2 and 2.1.1."}], "source": {"advisory": "GHSA-84m6-5m72-45fp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T13:31:30.359125Z", "id": "CVE-2025-32033", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T13:31:44.219Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32033", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T13:31:30.359125Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T13:31:36.839Z"}}], "cna": {"title": "Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow", "source": {"advisory": "GHSA-84m6-5m72-45fp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "apollographql", "product": "router", "versions": [{"status": "affected", "version": "< 1.61.2"}, {"status": "affected", "version": ">= 2.0.0-alpha.0, < 2.1.1"}]}], "references": [{"url": "https://github.com/apollographql/router/security/advisories/GHSA-84m6-5m72-45fp", "name": "https://github.com/apollographql/router/security/advisories/GHSA-84m6-5m72-45fp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/apollographql/router/commit/ab6675a63174715ea6ff50881fc957831d4e9564", "name": "https://github.com/apollographql/router/commit/ab6675a63174715ea6ff50881fc957831d4e9564", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/apollographql/router/commit/bba032e183b861348a466d3123c7137a1ae18952", "name": "https://github.com/apollographql/router/commit/bba032e183b861348a466d3123c7137a1ae18952", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's height). If a counter exceeded the maximum value for this data type (4,294,967,295), it wrapped around to 0, unintentionally allowing queries to bypass configured thresholds. This could occur for large queries if the payload limit were sufficiently increased, but could also occur for small queries with deeply nested and reused named fragments. This has been remediated in apollo-router versions 1.61.2 and 2.1.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-07T20:48:19.504Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32033", "state": "PUBLISHED", "dateUpdated": "2025-04-08T13:31:44.219Z", "dateReserved": "2025-04-01T21:57:32.958Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-07T20:48:19.504Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"product": "router", "vendor": "apollographql", "versions": [{"status": "affected", "version": "< 1.61.2"}, {"status": "affected", "version": ">= 2.0.0-alpha.0, < 2.1.1"}]}], "source": "security-advisories@github.com"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's height). If a counter exceeded the maximum value for this data type (4,294,967,295), it wrapped around to 0, unintentionally allowing queries to bypass configured thresholds. This could occur for large queries if the payload limit were sufficiently increased, but could also occur for small queries with deeply nested and reused named fragments. This has been remediated in apollo-router versions 1.61.2 and 2.1.1."}, {"lang": "es", "value": "Apollo Router Core es un enrutador de gr\u00e1ficos configurable y de alto rendimiento, escrito en Rust, para ejecutar un supergrafo federado que utiliza Apollo Federation 2. Antes de las versiones 1.61.2 y 2.1.1, el complemento de los l\u00edmites de operaci\u00f3n utilizaba enteros de 32 bits sin signo para controlar los contadores de los l\u00edmites (por ejemplo, la altura de una consulta). Si un contador superaba el valor m\u00e1ximo para este tipo de dato (4&#xa0;294&#xa0;967&#xa0;295), se reiniciaba a 0, lo que permit\u00eda involuntariamente que las consultas superaran los umbrales configurados. Esto pod\u00eda ocurrir en consultas grandes si el l\u00edmite de payload se aumentaba lo suficiente, pero tambi\u00e9n en consultas peque\u00f1as con fragmentos con nombre profundamente anidados y reutilizados. Esto se ha solucionado en las versiones 1.61.2 y 2.1.1 de apollo-router."}], "id": "CVE-2025-32033", "lastModified": "2026-06-17T09:11:21.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-32033", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2025-04-08T13:31:30.359125Z", "version": "2.0.3"}}]}, "published": "2025-04-07T21:15:43.527", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/apollographql/router/commit/ab6675a63174715ea6ff50881fc957831d4e9564"}, {"source": "security-advisories@github.com", "url": "https://github.com/apollographql/router/commit/bba032e183b861348a466d3123c7137a1ae18952"}, {"source": "security-advisories@github.com", "url": "https://github.com/apollographql/router/security/advisories/GHSA-84m6-5m72-45fp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}