CVE-2025-23204

MEDIUM Year: 2025
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact is there only when there's only a security after resolver and none inside security. Version 3.3.15 contains a patch for the issue.

Related Vulnerabilities

CVE-2015-5208

MEDIUM
CVSS:4.4(Medium)

Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.

CWE-202015

CVE-2015-7509

MEDIUM
CVSS:4.4(Medium)

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

CWE-202015

CVE-2015-8552

MEDIUM
CVSS:4.4(Medium)

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN message...

CWE-202015

CVE-2016-6246

MEDIUM
CVSS:4.4(Medium)

OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) d...

CWE-202016

CVE-2016-7907

MEDIUM
CVSS:4.4(Medium)

The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to...

CWE-202016

CVE-2017-0164

MEDIUM
CVSS:4.4(Medium)

A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Serv...

CWE-202017