CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

PT-2025-45381

Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.12-rc.0 through 1.61.12 and 2.8.1-rc.0 through 2.8.1 Description Apollo Router Core, a Rust graph router for Apollo Federation 2, had a flaw where access control directives—specifically @authenticated,...

PT-2025-45376

Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.11 and earlier Apollo Router Core versions 2.0.0-alpha.0 through 2.8.1-rc.0 Description Apollo Router Core, a configurable graph router written in Rust for Apollo Federation 2, had an access control issue. The...