https://vulnerability.circl.lu/sightings/feed 2026-05-08T00:07:26.358992+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f63f10a2-3622-4a13-8cef-c617709cc78c/export 2026-05-08T00:07:26.788649+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "f63f10a2-3622-4a13-8cef-c617709cc78c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32030", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10782", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32030\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1.\n\ud83d\udccf Published: 2025-04-07T20:38:59.654Z\n\ud83d\udccf Modified: 2025-04-07T20:38:59.654Z\n\ud83d\udd17 References:\n1. https://github.com/apollographql/federation/security/advisories/GHSA-q2f9-x4p4-7xmh\n2. https://github.com/apollographql/federation/pull/3236\n3. https://github.com/apollographql/federation/releases/tag/%40apollo%2Fgateway%402.10.1", "creation_timestamp": "2025-04-07T20:46:11.000000Z"} 2025-04-07T20:46:11+00:00 https://vulnerability.circl.lu/sighting/e72d1e4f-fb7e-4d83-87ca-856b86e6c816/export 2026-05-08T00:07:26.788547+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "e72d1e4f-fb7e-4d83-87ca-856b86e6c816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32030", "type": "published-proof-of-concept", "source": "Telegram/5dAdkBrkgoCoPXtqjNJ6teSKY8EEieVK1jkeeM1fkZslcgw", "content": "", "creation_timestamp": "2025-04-07T23:31:54.000000Z"} 2025-04-07T23:31:54+00:00 https://vulnerability.circl.lu/sighting/fcfc887e-8bec-46f8-871c-bcd2b4994237/export 2026-05-08T00:07:26.788415+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "fcfc887e-8bec-46f8-871c-bcd2b4994237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32030", "type": "seen", "source": "Telegram/5eBuvckgjMmUrrDTZuzRXBnI9rJEpd7_1eddmnGajLrVyIo", "content": "", "creation_timestamp": "2025-04-07T23:31:55.000000Z"} 2025-04-07T23:31:55+00:00 https://vulnerability.circl.lu/sighting/8bff3ac5-7c41-424e-a797-85798bb03cb7/export 2026-05-08T00:07:26.784424+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "8bff3ac5-7c41-424e-a797-85798bb03cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32030", "type": "seen", "source": "https://t.me/cvedetector/22359", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-32030 - Apollo Gateway Nested Fragment Denial of Service Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-32030 \nPublished : April 7, 2025, 9:15 p.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T01:26:30.000000Z"} 2025-04-08T01:26:30+00:00