CVE-2025-46720: CWE-203: Observable Discrepancy in keystonejs keystone
Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don't use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely.
AI Analysis
Technical Summary
CVE-2025-46720 is a vulnerability in KeystoneJS, a popular Node.js-based content management system (CMS). The issue affects versions prior to 6.5.0 and involves an access control bypass related to the `isFilterable` property on fields during GraphQL mutations, specifically `update` and `delete` operations. KeystoneJS allows filtering of records using unique fields in the `where` clause of mutations. Normally, the `isFilterable` access control setting restricts filtering on sensitive fields to prevent unauthorized data discovery. However, this vulnerability arises because when multiple unique filters are combined (e.g., filtering by both `id` and `email`), Keystone attempts to match records even if some filters should be disallowed by `isFilterable` or `defaultIsFilterable` settings. This behavior effectively bypasses the intended access control, enabling an attacker to use these filters as an oracle to infer the existence or specific values of otherwise unreadable fields. This is a form of information disclosure (CWE-203 and CWE-200) that can leak sensitive data indirectly without granting direct read access. The vulnerability does not affect `findMany` queries, where filtering respects access controls correctly, but only `update` and `delete` mutations. The impact is limited to projects that rely on dynamic or default `isFilterable` behavior rather than statically setting `isFilterable: false` or omitting filtering on sensitive fields from the GraphQL schema. The issue has been patched in KeystoneJS version 6.5.0. For environments where upgrading is not feasible, mitigations include statically setting `isFilterable: false` on sensitive fields, omitting those fields from the GraphQL schema by setting `{field}.graphql.omit.read: true`, or restricting `update` and `delete` operations on affected lists entirely. The CVSS score is 3.1 (low severity), reflecting limited confidentiality impact, high attack complexity, and the need for some privileges (low privileges) but no user interaction. No known exploits are reported in the wild as of now.
Potential Impact
For European organizations using KeystoneJS as their CMS or backend framework, this vulnerability poses a risk of indirect information disclosure. Attackers with low privileges could probe sensitive data fields by crafting GraphQL mutations with multiple unique filters, potentially revealing confidential information such as user emails, IDs, or other protected attributes. Although the vulnerability does not allow direct data modification or deletion without proper authorization, the ability to confirm the existence or values of sensitive fields can aid in further targeted attacks, social engineering, or reconnaissance. Organizations handling personal data subject to GDPR must be cautious, as even indirect data leaks can have compliance implications. The impact is more pronounced for organizations that rely on dynamic or default filtering controls rather than explicit static configurations. Since KeystoneJS is used in various industries including media, education, and enterprise web applications, the vulnerability could affect a broad range of sectors. However, the low CVSS score and absence of known exploits suggest the immediate risk is limited but should not be ignored, especially in high-value or sensitive environments.
Mitigation Recommendations
1. Upgrade KeystoneJS to version 6.5.0 or later, where this vulnerability is patched. 2. For environments where upgrading is not immediately possible, statically set `isFilterable: false` on all sensitive fields to prevent filtering by these fields early in the access control pipeline, avoiding reliance on dynamic functions. 3. Use `{field}.graphql.omit.read: true` on sensitive fields to remove them from the GraphQL schema entirely, which also disables filtering on those fields. 4. Consider restricting or denying `update` and `delete` mutations on lists containing sensitive fields if filtering cannot be safely controlled. 5. Conduct a thorough review of the GraphQL schema and access control configurations to ensure no sensitive fields are inadvertently filterable. 6. Implement monitoring and alerting for unusual mutation patterns that attempt to combine multiple unique filters, which may indicate probing attempts. 7. Educate developers and administrators about the risks of dynamic filtering and encourage explicit, static access control settings for sensitive data fields.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
CVE-2025-46720: CWE-203: Observable Discrepancy in keystonejs keystone
Description
Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don't use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely.
AI-Powered Analysis
Technical Analysis
CVE-2025-46720 is a vulnerability in KeystoneJS, a popular Node.js-based content management system (CMS). The issue affects versions prior to 6.5.0 and involves an access control bypass related to the `isFilterable` property on fields during GraphQL mutations, specifically `update` and `delete` operations. KeystoneJS allows filtering of records using unique fields in the `where` clause of mutations. Normally, the `isFilterable` access control setting restricts filtering on sensitive fields to prevent unauthorized data discovery. However, this vulnerability arises because when multiple unique filters are combined (e.g., filtering by both `id` and `email`), Keystone attempts to match records even if some filters should be disallowed by `isFilterable` or `defaultIsFilterable` settings. This behavior effectively bypasses the intended access control, enabling an attacker to use these filters as an oracle to infer the existence or specific values of otherwise unreadable fields. This is a form of information disclosure (CWE-203 and CWE-200) that can leak sensitive data indirectly without granting direct read access. The vulnerability does not affect `findMany` queries, where filtering respects access controls correctly, but only `update` and `delete` mutations. The impact is limited to projects that rely on dynamic or default `isFilterable` behavior rather than statically setting `isFilterable: false` or omitting filtering on sensitive fields from the GraphQL schema. The issue has been patched in KeystoneJS version 6.5.0. For environments where upgrading is not feasible, mitigations include statically setting `isFilterable: false` on sensitive fields, omitting those fields from the GraphQL schema by setting `{field}.graphql.omit.read: true`, or restricting `update` and `delete` operations on affected lists entirely. The CVSS score is 3.1 (low severity), reflecting limited confidentiality impact, high attack complexity, and the need for some privileges (low privileges) but no user interaction. No known exploits are reported in the wild as of now.
Potential Impact
For European organizations using KeystoneJS as their CMS or backend framework, this vulnerability poses a risk of indirect information disclosure. Attackers with low privileges could probe sensitive data fields by crafting GraphQL mutations with multiple unique filters, potentially revealing confidential information such as user emails, IDs, or other protected attributes. Although the vulnerability does not allow direct data modification or deletion without proper authorization, the ability to confirm the existence or values of sensitive fields can aid in further targeted attacks, social engineering, or reconnaissance. Organizations handling personal data subject to GDPR must be cautious, as even indirect data leaks can have compliance implications. The impact is more pronounced for organizations that rely on dynamic or default filtering controls rather than explicit static configurations. Since KeystoneJS is used in various industries including media, education, and enterprise web applications, the vulnerability could affect a broad range of sectors. However, the low CVSS score and absence of known exploits suggest the immediate risk is limited but should not be ignored, especially in high-value or sensitive environments.
Mitigation Recommendations
1. Upgrade KeystoneJS to version 6.5.0 or later, where this vulnerability is patched. 2. For environments where upgrading is not immediately possible, statically set `isFilterable: false` on all sensitive fields to prevent filtering by these fields early in the access control pipeline, avoiding reliance on dynamic functions. 3. Use `{field}.graphql.omit.read: true` on sensitive fields to remove them from the GraphQL schema entirely, which also disables filtering on those fields. 4. Consider restricting or denying `update` and `delete` mutations on lists containing sensitive fields if filtering cannot be safely controlled. 5. Conduct a thorough review of the GraphQL schema and access control configurations to ensure no sensitive fields are inadvertently filterable. 6. Implement monitoring and alerting for unusual mutation patterns that attempt to combine multiple unique filters, which may indicate probing attempts. 7. Educate developers and administrators about the risks of dynamic filtering and encourage explicit, static access control settings for sensitive data fields.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-04-28T20:56:09.084Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d981dc4522896dcbdae83
Added to database: 5/21/2025, 9:08:45 AM
Last enriched: 7/6/2025, 8:25:27 PM
Last updated: 7/31/2025, 4:06:41 AM
Views: 22
Related Threats
CVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighCVE-2025-8719: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.