EUVD-2025-7224

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerable graphql-ruby versions allow remote code execution from untrusted schema loading.

Reporter	Title	Published	Views	Family All 45
FreeBSD	Gitlab -- Vulnerabilities	12 Mar 202500:00	–	freebsd
GithubExploit	Exploit for CVE-2025-27407	25 Apr 202604:33	–	githubexploit
GithubExploit	Exploit for CVE-2025-27407	26 Dec 202518:14	–	githubexploit
Circl	CVE-2025-27407	12 Mar 202519:21	–	circl
CNNVD	GraphQL 安全漏洞	12 Mar 202500:00	–	cnnvd
CVE	CVE-2025-27407	12 Mar 202518:15	–	cve
Cvelist	CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema	12 Mar 202518:15	–	cvelist
Debian	[SECURITY] [DLA 4263-1] ruby-graphql security update	4 Aug 202501:11	–	debian
Debian CVE	CVE-2025-27407	12 Mar 202518:15	–	debiancve
Tenable Nessus	Debian dla-4263 : ruby-graphql - security update	4 Aug 202500:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "164b5c75-0d27-38ae-97dd-e3cf803de811",
        "vendor": {
          "name": "rmosolgo"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "117e9b8d-c546-3e1b-a185-e9320696be0e",
        "product": {
          "name": "graphql-ruby"
        },
        "product_version": "1.11.5, < 1.11.8"
      },
      {
        "id": "191767e3-15bb-3651-8d3a-b1f7eea50442",
        "product": {
          "name": "graphql-ruby"
        },
        "product_version": "1.13.0, < 1.13.24"
      },
      {
        "id": "26a05d4a-7910-3d4f-96e4-62e739eae5fe",
        "product": {
          "name": "graphql-ruby"
        },
        "product_version": "2.1.0, < 2.1.14"
      },
      {
        "id": "6b009e65-917a-35af-bb22-af0f4147a8ab",
        "product": {
          "name": "graphql-ruby"
        },
        "product_version": "1.12.0, < 1.12.25"
      },
      {
        "id": "6f352401-ece0-326e-93bb-6cc18b7fe815",
        "product": {
          "name": "graphql-ruby"
        },
        "product_version": "2.0.0, < 2.0.32"
      },
      {
        "id": "7c4a3d91-e4fe-332e-a71f-143e5ddfaeb2",
        "product": {
          "name": "graphql-ruby"
        },
        "product_version": "2.2.0, < 2.2.17"
      },
      {
        "id": "bea5b81a-cae3-3f1c-8ee2-3d01f503d9fc",
        "product": {
          "name": "graphql-ruby"
        },
        "product_version": "2.3.0, < 2.3.21"
      }
    ]
  }
]

Source	Link
github	www.github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-27407
github	www.github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd
github	www.github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f
github	www.github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be
github	www.github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca
github	www.github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb
github	www.github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c
github	www.github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367
github	www.github.com/rmosolgo/graphql-ruby/commit/e58676c70aa695e3052ba1fbc787efee4ba7d67e

03 Oct 2025 20:07Current

8.8High risk

Vulners AI Score8.8

CVSS 3.19

EPSS0.01361

SSVC

graphql-ruby vulnerability remote code execution untrusted schema loading patch versions