CVE-2025-27407: Remote Code Execution in graphql-ruby via Malicious Schema Loading
Executive Summary

CVE-2025-27407 is a critical vulnerability in the graphql-ruby library, a popular Ruby implementation of GraphQL. The vulnerability arises from the unsafe handling of schema definitions loaded via GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load. Systems that load schemas from untrusted JSON sources are particularly at risk.
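A pre-load gate for introspection JSON that comes from an untrusted source, added here as an example and not taken from the original page or from graphql-ruby: it rejects any document whose type, field, argument, enum or directive names fall outside the GraphQL specification's Name grammar. Treating name validation as a useful defense-in-depth check is this example's assumption (the page does not say which part of a schema definition is mishandled), and invalid_schema_names and assert_loadable! are hypothetical helper names.

```ruby
require "json"

# GraphQL spec Name grammar: letters, digits, underscore; no leading digit.
GRAPHQL_NAME = /\A[_A-Za-z][_0-9A-Za-z]*\z/
NAMED_CHILDREN = %w[fields args inputFields enumValues interfaces possibleTypes].freeze
# Constructed sample documents (not taken from any real service).
GOOD_SAMPLE = JSON.generate("data" => { "__schema" => {
  "queryType" => { "name" => "Query" },
  "types" => [{ "kind" => "OBJECT", "name" => "Query", "fields" => [{
    "name" => "user", "type" => { "kind" => "SCALAR", "name" => "String" },
    "args" => [{ "name" => "id", "type" => { "kind" => "NON_NULL", "name" => nil,
                 "ofType" => { "kind" => "SCALAR", "name" => "ID" } } }]
  }] }]
} })
BAD_SAMPLE = GOOD_SAMPLE.sub('"id"', '"not a name!"')

# Returns "path: name" strings for every invalid name; empty means all names pass.
def invalid_schema_names(json_text)
  doc = JSON.parse(json_text)
  return ["$: top level is not an object"] unless doc.is_a?(Hash)
  data = doc["data"].is_a?(Hash) ? doc["data"] : doc
  schema = data["__schema"]
  return ["$: no __schema object found"] unless schema.is_a?(Hash)
  problems = []
  check = lambda do |node, path|
    next unless node.is_a?(Hash)
    name = node["name"]
    # Wrapper type references (NON_NULL, LIST) legitimately carry a null name.
    unless name.nil? || (name.is_a?(String) && name.match?(GRAPHQL_NAME))
      problems << "#{path}: #{name.inspect}"
    end
    check.call(node["type"], "#{path}.type")
    check.call(node["ofType"], "#{path}.ofType")
    NAMED_CHILDREN.each do |key|
      Array(node[key]).each_with_index { |c, i| check.call(c, "#{path}.#{key}[#{i}]") }
    end
  end
  %w[queryType mutationType subscriptionType].each { |k| check.call(schema[k], "$.#{k}") }
  Array(schema["types"]).each_with_index { |t, i| check.call(t, "$.types[#{i}]") }
  Array(schema["directives"]).each_with_index { |d, i| check.call(d, "$.directives[#{i}]") }
  problems
end

# Hypothetical wrapper: only a document that passes the check is returned for loading.
def assert_loadable!(json_text)
  bad = invalid_schema_names(json_text)
  raise ArgumentError, "rejected schema: #{bad.join('; ')}" unless bad.empty?
  JSON.parse(json_text)
end
```

The Hash returned by assert_loadable! is what a caller would hand to GraphQL::Schema.from_introspection; the check complements a patched graphql-ruby release and does not stand in for one.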