Gitlab CVE-2025-12575
MEDIUMCVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionNVD
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server.
AnalysisAI
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. [CVSS 5.4 MEDIUM]
Technical ContextAI
Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects Gitlab. GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More from same product – last 7 days
Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands th
Incorrect authorization enforcement in GitLab CE/EE permits a blocked Project Access Token to continue reading private p
Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo
Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, al
Unauthorized private project enumeration in GitLab CE/EE exposes confidential project metadata to unauthenticated networ
Share
External POC / Exploit Code
Leaving vuln.today