CVE-2025-0362

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
GitLabCNA
6.4 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
gitlabgitlab
7.7.0 ≤
𝑥
< 17.8.7
gitlabgitlab
7.7.0 ≤
𝑥
< 17.8.7
gitlabgitlab
17.9.0 ≤
𝑥
< 17.9.6
gitlabgitlab
17.9.0 ≤
𝑥
< 17.9.6
gitlabgitlab
17.10.0 ≤
𝑥
< 17.10.4
gitlabgitlab
17.10.0 ≤
𝑥
< 17.10.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gitlab
sid
vulnerable
Common Weakness Enumeration
References
https://gitlab.com/gitlab-org/gitlab/-/issues/512425
https://hackerone.com/reports/2926425