CVERadar

CVE-2025-27407

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.0432/1

CVE-2025-27407 is a critical remote code execution vulnerability in the graphql-ruby gem. An attacker can execute arbitrary code by supplying a malicious schema definition that is loaded via GraphQL introspection. With a SOCRadar Vulnerability Risk Score (SVRS) of 30, it is not rated as immediately critical by that metric, but it should still be addressed promptly to mitigate the risk. The vulnerability resides in the GraphQL::Schema.from_introspection and GraphQL::Schema::Loader.load functions when they process introspection JSON from untrusted sources; systems that use GraphQL::Client to load external schemas are particularly at risk. Successful exploitation could give an attacker unauthorized access to and control of affected systems. Upgrade to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, or 2.3.21 or later to apply the patch and prevent exploitation.

In The Wild
2025-03-12

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Ajit Jasrotia, 2025-03-17, allhackernews.com
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source repositories […]

GitLab addressed critical auth bypass flaws in CE and EE
Pierluigi Paganini, 2025-03-13, securityaffairs.co
GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. GitLab CE/EE versions 17.7.7, 17.8.5, […]

GitLab Warns of Multiple Vulnerabilities Let Attackers Login as Valid User
Kaaviya, 2025-03-13, cybersecuritynews.com
GitLab has released critical security patches for multiple vulnerabilities that could potentially allow attackers to authenticate as legitimate users or even execute remote code under specific circumstances. The company has urged all self-managed GitLab installations to immediately upgrade to versions 17.9.2, 17.8.5, or 17.7.7 for both Community Edition (CE) and Enterprise Edition (EE) to address […]

CVE-2025-27407 | rmosolgo graphql-ruby up to 2.3.20 Loader.load code injection (GHSA-q92j-grw3-h492)
vuldb.com, 2025-03-13
A vulnerability was found in rmosolgo graphql-ruby up to 2.3.20. It has been declared as critical. This vulnerability affects the function GraphQL::Schema::Loader.load. The manipulation leads to code injection. This vulnerability was named CVE-2025-27407. The attack can be initiated remotely. There is no exploit

GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7
Kevin Morrison, 2025-03-12, gitlab.com
Today we are releasing versions 17.9.2, 17.8.5, 17.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action and will be notified once their instance has been patched

Social Media

@Shubhamkhanna06 The latest GraphQL-related CVE is CVE-2025-27407, a critical flaw in the GraphQL gem for Ruby allowing remote code execution. Published in early 2025, it has a CVSS score of 9.1 and affects versions before 1.11.11, 1.12.25, 1.13.24, 2.0.32, 2.1.15, 2.2.17, 2.3.21, and 2.4.13.

A critical vulnerability (CVE-2025-27407) in the graphql-ruby gem exposes millions to remote code execution risks. Developers must upgrade to patched versions to safeguard their applications. ⚠️ #RCE #GraphQL #USA link: https://t.co/UnS5Qca9MP https://t.co/nXRRzDjp5n

Warning: Critical and high severity #vulnerabilities #CVE-2025-27407 CVSS 9.0, #CVE-2025-25291 and #CVE-2025-25292 CVSS 8.8 in #GitLab's Community and Enterprise Editions could lead to #RCE and #AuthenticationBypass. Check https://t.co/DBClmyDfk2 and #Patch #Patch #Patch

CVE-2025-27407 (CVSS 9.1): Critical GraphQL-Ruby Flaw Exposes Millions to RCE A severe remote code execution vulnerability in GraphQL-Ruby puts countless applications at risk of compromise. https://t.co/khPJhOGQUl #Cybersecurity #RCE #GraphQL

CVE-2025-27407 (CVSS 9.1): Critical GraphQL-Ruby Flaw Exposes Millions to RCE https://t.co/wJH4l04HHq

CVE-2025-27407 (CVSS 9.1): Critical #GraphQL-Ruby Flaw Exposes Millions to RCE Learn about CVE-2025-27407, a critical vulnerability in graphql-ruby that poses serious risks to applications using it. https://t.co/5vpwAUZ1TA

RubySec ➜ CVE-2025-27407 (graphql): graphql allows remote code execution when loading a crafted GraphQL schema https://t.co/s1X1L4HnQT

Affected Software

No affected software found for this CVE

References

Links
https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
https://github.com/github-community-projects/graphql-client
https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd
https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f
https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be
https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca
https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb
https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c
https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367
https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492

CWE Details

CWE-94: Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
