Summary
Who is impacted
Anyone embedding Apollo Sandbox or Apollo Explorer in their website may have been affected by this vulnerability.
- Users who embed Apollo Sandbox or Apollo Explorer in their websites via npm packages (
@apollo/sandboxand@apollo/explorer) or direct links to Apollo’s CDN. - Users running Apollo Router with embedded Sandbox enabled. This served the vulnerable code from Apollo’s CDN.
- Users running Apollo Server with embedded Sandbox or Explorer enabled. Embedded Sandbox is enabled by default when
NODE_ENVis not set toproduction, and embedded Sandbox and Explorer can also be enabled in production mode via landing page plugins. This served the vulnerable code from Apollo’s CDN.
While all of the above methods of serving Embedded Sandbox and Explorer were vulnerable, Apollo has already updated its CDN to remove all vulnerable versions. Unless you install the npm package @apollo/sandbox or @apollo/explorer directly into your website’s front end code, no action is necessary: the vulnerability has already been mitigated.
Users who do not embed Sandbox/Explorer on their websites, or who only run Apollo Router/Server with production defaults were never impacted. The use of non-embedded Sandbox and Explorer hosted on studio.apollographql.com is not vulnerable.
Scope of impact
The vulnerability allows a malicious website to open the vulnerable website in a new window and force it to send GraphQL requests to its origin. The requests themselves are not "cross-origin" as they are directly issued from the vulnerable website, but their contents are dictated by the malicious website.
The malicious website cannot read the responses to the GraphQL operations, but the operations may be mutations with side effects (such as using credentials to update app-specific data access controls). These operations can contain the browser user's cookies, and the vulnerable website may be on a private network otherwise inaccessible to the attacker. Operations sent this way look and exactly like legitimate operations sent by a human interacting with the embedded Sandbox or Explorer.
Workarounds
- If you are using Apollo Server, ensure
NODE_ENV=productionis set in production to avoid unintentionally serving embedded Sandbox. - Customers not using embedded Sandbox/Explorer are not affected and do not need to take action.
References
Impact
A Cross-Site Request Forgery (CSRF) vulnerability was identified in Apollo’s Embedded Sandbox and Embedded Explorer.
The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies.
A victim's authenticated browser session is used to submit forged requests to an application that cannot distinguish them from legitimate ones. Typical impact: state-changing actions performed as the victim without their consent.
CVE-2025-59845 has a CVSS score of 8.2 (High). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2.7.2, 3.7.3); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
The issue has been fixed by adding strict origin validation to DOM message handling.
@apollo/sandbox: Patched in v2.7.2 and later@apollo/explorer: Patched in v3.7.3 and later- Apollo’s CDN embeds have been updated to patched versions. This protects embeds based on
<script>tags pointing to Apollo’s CDN, as well as the Apollo Router and Apollo Server features. No action is necessary to adopt the fix in this case.
If you manually edited the <script> tag provided by the Explorer or Sandbox UI to replace the version string _latest, v2, or v3 with a specific git-style SHA, you may find that the Explorer or Sandbox UI does not currently load. To fix this, use a supported URL instead, as documented for Sandbox or Explorer. (The third-party Go GraphQL server gqlgen provides a function ApolloSandboxHandler which serves an unsupported URL and was broken by our mitigations; upgrading to gqlgen v0.17.81 will resolve this issue.)
Frequently Asked Questions
- What is CVE-2025-59845? CVE-2025-59845 is a high-severity cross-site request forgery (CSRF) vulnerability in @apollo/sandbox (npm), affecting versions < 2.7.2. It is fixed in 2.7.2, 3.7.3. A victim's authenticated browser session is used to submit forged requests to an application that cannot distinguish them from legitimate ones.
- How severe is CVE-2025-59845? CVE-2025-59845 has a CVSS score of 8.2 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which packages are affected by CVE-2025-59845?
@apollo/sandbox(npm) (versions < 2.7.2)@apollo/explorer(npm) (versions < 3.7.3)
- Is there a fix for CVE-2025-59845? Yes. CVE-2025-59845 is fixed in 2.7.2, 3.7.3. Upgrade to this version or later.
- Is CVE-2025-59845 exploitable, and should I be worried? Whether CVE-2025-59845 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2025-59845 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2025-59845?
- Upgrade
@apollo/sandboxto 2.7.2 or later - Upgrade
@apollo/explorerto 3.7.3 or later
- Upgrade