CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-64173

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

CVE-2025-64347

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-64347

CVE-2025-64347 concerns Apollo Router Core. Affected: Router Core with Apollo Federation 2, specifically versions 1.61.12-rc.0 and below, and 2.8.1-rc.0 and below. Root cause: access control directives renamed via @link imports were not enforced on renamed schema elements (e.g., fields and types)...

EUVD-2025-38037

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

CVE-2025-64347 Apollo Router Improperly Enforces Renamed Access Control Directives

Apollo Router Core is a configurable Rust graph router written to run a federated supergraph using Apollo Federation 2. Versions 1.61.12-rc.0 and below and 2.8.1-rc.0 allow unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes...

Apollo Router Core 访问控制错误漏洞

Apollo Router Core is a router core application for the Apollo community. An access control error vulnerability exists in Apollo Router Core versions 1.61.12-rc.0 and earlier and 2.8.1-rc.0, which stems from not enforcing renamed access control commands, which could lead to bypassing element-leve...

CVE-2025-64173

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

CVE-2025-64173

CVE-2025-64173 affects Apollo Router Core (Rust) in versions 1.61.11 and earlier and 2.0.0-alpha.0 through 2.8.1-rc.0. The vulnerability stems from incorrect handling of access control directives on interface types/fields and their implementing object types/fields, causing unauthenticated queries...

CVE-2025-64173 Apollo Router Core: Access Control Bypass on Polymorphic Types

Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to access data that required additional access...

inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2025-64173 via apollo-router (=1.2.1)

apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: - inigo-rs =0.1.5, =0.27.8 Source cves: CVE-2025-64173 Source advisory: OSV:GHSA-X33C-7C2V-MRJ9...

EUVD-2025-38036

Apollo Router Affected by an Access Control Bypass on Polymorphic Types...

Apollo Router Affected by an Access Control Bypass on Polymorphic Types

Summary A vulnerability in Apollo Router allowed for unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields...

inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2025-64347 via apollo-router (=1.2.1)

apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: - inigo-rs =0.1.5, =0.27.8 Source cves: CVE-2025-64347 Source advisory: OSV:GHSA-G8JH-VG5J-4H3F...

Apollo Router Improperly Enforces Renamed Access Control Directives

Summary A vulnerability in Apollo Router allowed for unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes, and @policy that were renamed via @link imports. Router did not enforce renamed access control directives on schema...

GHSA-G8JH-VG5J-4H3F Apollo Router Improperly Enforces Renamed Access Control Directives

Summary A vulnerability in Apollo Router allowed for unauthorized access to protected data through schema elements with access control directives @authenticated, @requiresScopes, and @policy that were renamed via @link imports. Router did not enforce renamed access control directives on schema...

Apollo Router Core 安全漏洞

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core versions prior to 1.61.11 and versions 2.0.0-alpha.0 through 2.8.1-rc.0, which stems from mishandling of access control commands and could lead to unauthenticated querie...