Vulnerability Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. This vulnerability is fixed in 7.5.3 and 8.2.2.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/parse-community/parse-server/pull/9819
- https://github.com/parse-community/parse-server/pull/9820
- https://github.com/parse-community/parse-server/security/advisories/GHSA-48q3-pr
FAQ
What is CVE-2025-53364?
CVE-2025-53364 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed pu...
How severe is CVE-2025-53364?
CVE-2025-53364 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53364?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.