CVE-2025-32031

HIGH
Published Apr 7, 2025 Modified Aug 1, 2025 CWE-770

Description

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. The query planner includes an optimization that significantly speeds up planning for applicable GraphQL selections. However, queries with deeply nested and reused named fragments can generate many selections where this optimization does not apply, leading to significantly longer planning times. Because the query planner does not enforce a timeout, a small number of such queries can render gateway inoperable. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1.

Is your site exposed to CVE-2025-32031?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-770 CWE-770

Affected Products

Vendor Product
apollographql apollo_gateway

References

Frequently Asked Questions

What is CVE-2025-32031? +
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. The query planner includes an optimization that significantly speeds up planning for applicable GraphQL selections. However, queries with deeply nested and reused named fragments can generate many selections where this optimization does not apply, leading to significantly longer planning times. Because the query planner does not enforce a timeout, a small number of such queries can render gateway inoperable. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1. It has a CVSS v3.1 base score of 7.5 (HIGH).
How severe is CVE-2025-32031? +
CVE-2025-32031 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-32031? +
CVE-2025-32031 affects products from apollographql, specifically: apollo_gateway. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-32031? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-32031 — free, no signup required.