A high-severity vulnerability has been discovered in multiple Apollo products, specifically impacting the Apollo Router Core. This flaw could allow an unauthenticated remote attacker to bypass security controls and access sensitive information, posing a significant risk of a data breach. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this threat.

The vulnerability exists within the query processing logic of the Apollo Router Core. An unauthenticated remote attacker can craft a specialized GraphQL query that, when sent to a vulnerable router, is improperly parsed. This parsing error can cause the router to bypass authorization and validation checks for subgraphs, allowing the attacker to retrieve data from federated backend services that they would not normally have access to, leading to sensitive information disclosure.

This vulnerability is rated as High severity with a CVSS score of 7.5, reflecting the potential for significant damage without requiring special privileges or user interaction. Successful exploitation could lead to a severe data breach, exposing confidential company data, customer information, or other sensitive records managed by the federated services. The consequences include reputational damage, loss of customer trust, financial losses from incident response, and potential regulatory fines for non-compliance with data protection standards like GDPR or CCPA.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected Apollo product instances immediately. Priority should be given to internet-facing systems. After patching, organizations should continue to monitor for any signs of exploitation attempts by reviewing application and access logs for anomalous activity.

Proactive Monitoring: Security teams should monitor logs from the Apollo Router for unusually complex or malformed GraphQL queries. Monitor network traffic for unexpected data egress from backend services originating from the router. An increase in error rates or resource consumption on the router could also indicate attempted exploitation.

Compensating Controls: If immediate patching is not feasible, consider implementing a Web Application Firewall (WAF) with custom rules to inspect and block the specific malicious GraphQL query patterns associated with this vulnerability. Additionally, enhance network segmentation to strictly limit the router's access to only essential backend services, reducing the potential scope of a breach.

Public Exploit Available: false

Given the high severity (CVSS 7.5) of this vulnerability and its potential for sensitive data exposure, we strongly recommend that organizations treat this as a critical priority. Although CVE-2025-64347 is not currently listed on the CISA KEV list, the risk of a data breach is substantial. All organizations using the affected Apollo products should begin the patching process immediately, prioritizing production and externally-exposed environments to prevent potential exploitation.