{"vulnerability": "CVE-2025-27407", "sightings": [{"uuid": "0acbe270-e68e-4810-a21e-cd13c363febd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkemrmrnvk2o", "content": "", "creation_timestamp": "2025-03-14T22:08:57.256092Z"}, {"uuid": "4ba9ca63-5e1e-4793-b1e5-b9d340edee44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-3e39154e-7e52655bd7735e43", "content": "", "creation_timestamp": "2025-03-16T23:34:06.950766Z"}, {"uuid": "51bec01c-9281-4174-9da1-60e88de4a42b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lk7dk2t5tv2u", "content": "", "creation_timestamp": "2025-03-12T19:40:19.322371Z"}, {"uuid": "6d6f8d9c-1f2a-4094-9344-18cd93716693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114151188619952651", "content": "", "creation_timestamp": "2025-03-12T19:48:29.031369Z"}, {"uuid": "4b3f2357-e1f4-47c6-b874-3a27582357f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://bsky.app/profile/andranglin.bsky.social/post/3lkko63mhzk2c", "content": "", "creation_timestamp": "2025-03-17T07:49:47.538351Z"}, {"uuid": "cf5da177-d369-48c2-a2c9-5ba719302524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://gist.github.com/alon710/11c45cdfd0d1ad3b473795f1fcfcc7b0", "content": "", "creation_timestamp": "2026-01-24T22:41:13.000000Z"}, {"uuid": "16eb0770-e563-480e-a230-d295debb7245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "published-proof-of-concept", "source": "Telegram/qhPRrHWn8CTwbXoQMLYYNZP_eAjB5dIioFkbQ0tlG1td8WQ", "content": "", "creation_timestamp": "2025-12-26T21:00:04.000000Z"}, {"uuid": "65f2ccd2-d3f1-41b3-a2a4-0574dba23678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-27407", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3llgcckwqzwc2", "content": "", "creation_timestamp": "2025-03-28T07:33:48.717959Z"}, {"uuid": "926d13c8-c783-46ac-8b2b-bfa8f186d76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://gist.github.com/alon710/794b044cfea500e1f5f23253a31d3cc2", "content": "", "creation_timestamp": "2026-01-24T21:25:48.000000Z"}, {"uuid": "62a5b6b9-5a5d-43ab-af24-e27a53e4cdff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://t.me/cvedetector/20168", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27407 - GraphQL-ruby Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27407 \nPublished : March 12, 2025, 7:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue. \nSeverity: 9.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-12T22:53:44.000000Z"}, {"uuid": "c8e2ebc3-7587-4416-9b25-d3ba644d23e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7367", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27407\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.\n\ud83d\udccf Published: 2025-03-12T18:15:57.957Z\n\ud83d\udccf Modified: 2025-03-12T18:42:08.976Z\n\ud83d\udd17 References:\n1. https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492\n2. https://github.com/rmosolgo/graphql-ruby/commit/28233b16c0eb9d0fb7808f4980e061dc7507c4cd\n3. https://github.com/rmosolgo/graphql-ruby/commit/2d2f4ed1f79472f8eed29c864b039649e1de238f\n4. https://github.com/rmosolgo/graphql-ruby/commit/5c5a7b9a9bdce143be048074aea50edb7bb747be\n5. https://github.com/rmosolgo/graphql-ruby/commit/6eca16b9fa553aa957099a30dbde64ddcdac52ca\n6. https://github.com/rmosolgo/graphql-ruby/commit/d0963289e0dab4ea893bbecf12bb7d89294957bb\n7. https://github.com/rmosolgo/graphql-ruby/commit/d1117ae0361d9ed67e0795b07f5c3e98e62f3c7c\n8. https://github.com/rmosolgo/graphql-ruby/commit/e3b33ace05391da2871c75ab4d3b66e29133b367\n9. https://github.com/github-community-projects/graphql-client", "creation_timestamp": "2025-03-12T19:41:15.000000Z"}, {"uuid": "52ab1cab-0c84-4770-8bda-06f6483ffc54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "published-proof-of-concept", "source": "Telegram/3enB83vBivmCtuCKnIufTidDmfLZ95Nh7V4en_RLHKIkMvY", "content": "", "creation_timestamp": "2026-04-25T07:00:14.000000Z"}, {"uuid": "1700ab66-8ce6-4419-a965-f2ded85f602a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://t.me/CyberBulletin/2667", "content": "\u26a1CVE-2025-27407 (CVSS 9.1): Critical GraphQL-Ruby Flaw Exposes Millions to RCE.\n\n#CyberBulletin", "creation_timestamp": "2025-03-17T12:43:13.000000Z"}, {"uuid": "d9f1c4c5-e5f5-4feb-b3bc-635f2b4d061d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkc76ah2kd2p", "content": "", "creation_timestamp": "2025-03-13T23:00:06.983817Z"}, {"uuid": "dc5a211f-74f4-4a35-8d2c-5747b16bfb6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114151081494165899", "content": "", "creation_timestamp": "2025-03-12T19:21:15.360207Z"}, {"uuid": "e2a7d7ea-eec0-4630-b936-818458fee6a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3loelotrb422j", "content": "", "creation_timestamp": "2025-05-04T19:30:16.087747Z"}, {"uuid": "5a3044db-d6f6-4b32-a3b6-c93f0b52e087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lofcjxpwjx2v", "content": "", "creation_timestamp": "2025-05-05T02:19:07.782205Z"}, {"uuid": "42430718-3de6-4e53-975e-a81934e2880c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "efa1e6c3-7899-4245-98d7-81a38d4a68e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}, {"uuid": "2da754d5-4574-456c-8d81-3a95e921f874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-27407", "type": "published-proof-of-concept", "source": "Telegram/HrTtUNq5Rdsv8dZdwNssjgzlpOtJ1umCTDCiOjgom1Z9ct0", "content": "", "creation_timestamp": "2025-12-26T19:00:09.000000Z"}]}