CVE-2025-32031: Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.17582%
Published: 4/7/2025
Updated: 4/8/2025
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name: @apollo/gateway
Ecosystem: npm
Vulnerable Versions: < 2.10.1
First Patched Version: 2.10.1

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability manifests in query planning functions that process nested fragments without resource limits. Key evidence comes from:
1) The QueryPlanner.buildQueryPlan modifications adding nonLocalSelectionsState checks
2) FragmentSpreadSelection being made public, with associated validation added
3) QueryGraph.build gaining security flags
4) Planning functions such as computeRootParallelBestPlan adding limit parameters
Pre-patch versions of these functions lacked the nonLocalSelectionsMetadata initialization and the recursive selection validation shown in the patches, allowing unbounded computation through recursive fragment processing and cross-subgraph edge evaluation.

WAF Protection Rules

WAF Rule

Impact

Summary

A vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. This could lead t
