CVE-2025-32032 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...

CVE-2025-32032

The CVE-2025-32032 issue affects Apollo Router Core (written in Rust) where queries with deeply nested and reused named fragments can bypass an optimization in the GraphQL query planner, causing significantly longer planning times and, since there is no planner timeout, potential exhaustion of th...

CVE-2025-32032 Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...

CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...

CVE-2025-32031 Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...

GHSA-P2Q6-PWH5-M6JR Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

Impact Summary A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...

GHSA-94HH-JMQ8-2FGP Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

Impact Summary A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead to excessive resource consumption and denial of service...

Apollo Router Core 安全漏洞

Apollo Router Core is a router core application for the Apollo community. A security vulnerability exists in Apollo Router Core that stems from a query optimization bypass that could lead to a denial of service...