CVE-2025-12571 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitLab	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Vendor	Product	Version
gitlab	gitlab	17.10.0 ≤ 𝑥 < 18.4.5
gitlab	gitlab	17.10.0 ≤ 𝑥 < 18.4.5
gitlab	gitlab	18.5.0 ≤ 𝑥 < 18.5.3
gitlab	gitlab	18.5.0 ≤ 𝑥 < 18.5.3
gitlab	gitlab	18.6.0
gitlab	gitlab	18.6.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gitlab

sid	17.6.5-19 fixed

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Vulnerability Media Exposure

[GERMAN] Sicherheitslücken in GitLab: Angreifer können Zugangsdaten abgreifen
Die Softwareentwicklungsplattform GitLab ist verwundbar. Sicherheitsupdates schließen mehrere Schwachstellen.
Published: 2025-11-28T08:10:00+00:00
[ENGLISH] ⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and
Published: 2025-12-01T18:17:00+05:30

References

https://gitlab.com/gitlab-org/gitlab/-/issues/579168

https://hackerone.com/reports/3362239