Skip to main content

GitLab CE/EE EUVDEUVD-2025-210442

| CVE-2025-12506 MEDIUM
Use of Incorrectly-Resolved Name or Reference (CWE-706)
2026-07-08 cve@gitlab.com GHSA-h5pw-h3j7-cj7f
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
3.5 LOW

Authenticated low-privilege actor (PR:L) required to create crafted repo; victim must actively view via web UI (UI:R); impact is integrity-only content mismatch with no confidentiality or availability consequence.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

6
Severity Changed
Jul 09, 2026 - 20:22 NVD
LOW MEDIUM
CVSS changed
Jul 09, 2026 - 20:22 NVD
3.5 (LOW) 4.3 (MEDIUM)
Severity Changed
Jul 09, 2026 - 20:22 NVD
LOW MEDIUM
CVSS changed
Jul 09, 2026 - 20:22 NVD
3.5 (LOW) 4.3 (MEDIUM)
Analysis Generated
Jul 08, 2026 - 22:05 vuln.today
Patch available
Jul 08, 2026 - 22:04 EUVD

DescriptionNVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the content available for download, due to improper handling of Git reference name resolution.

AnalysisAI

Content spoofing in GitLab CE/EE versions 16.5 through 18.x, 19.0, and 19.1 allows authenticated users to construct repositories where the web interface renders content that diverges from the actual downloadable source, exploiting improper Git reference name resolution (CWE-706). The CVSS score of 3.5 (Low) reflects the authentication requirement (PR:L), mandatory viewer interaction (UI:R), and limited integrity-only impact with no confidentiality or availability consequences. No public exploit code or CISA KEV listing has been identified at time of analysis, placing real-world risk firmly in the low tier despite the broad version range affected.

Technical ContextAI

GitLab CE/EE implements server-side rendering of Git repository content by resolving branch names, tags, and other symbolic references to display file trees, diffs, and blob content in the web UI. CWE-706 (Use of Incorrectly-Resolved Name or Reference) identifies the root cause class: GitLab's Git reference name resolution logic can be manipulated so that the ref resolved for web display differs from the ref resolved for download or clone operations. This creates a content-display integrity gap exploitable for code review deception. The flaw spans a wide version range - all versions from 16.5 up to 18.11.7, 19.0 up to 19.0.4, and 19.1 up to 19.1.2 - covering the majority of actively maintained GitLab release branches. No CPE strings were provided in the input data; affected product scope is inferred from NVD version range data and the GitLab patch advisory.

RemediationAI

Upgrade GitLab CE/EE to version 18.11.7 (for the 18.x branch), 19.0.4 (for the 19.0 branch), or 19.1.2 (for the 19.1 branch), per the official GitLab patch release advisory at https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/. No documented workaround is referenced in available intelligence. For administrators unable to patch immediately, a compensating control is to restrict repository creation permissions to trusted users only, reducing the pool of actors who could construct a malicious repository - note this limits self-service repository creation and may require process changes. Additionally, critical code reviews should be supplemented by cloning the repository locally and comparing content rather than relying solely on the web UI rendering, eliminating the web-display attack surface until patched.

More in Gitlab

View all
CVE-2023-7028 CRITICAL POC
10.0 Jan 12

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.

CVE-2013-4490 MEDIUM POC
6.5 May 13

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x

CVE-2021-22205 CRITICAL POC
10.0 Apr 23

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. Rated critical severity (CVSS 10

CVE-2022-2992 CRITICAL POC
9.9 Oct 17

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-1162 CRITICAL POC
9.8 Apr 04

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. Rated critical severity (CVSS 9.8)

CVE-2022-0735 CRITICAL POC
9.8 Mar 28

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions star

CVE-2021-22175 CRITICAL POC
9.8 Jun 11

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af

CVE-2021-22203 CRITICAL POC
9.8 Apr 02

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions sta

CVE-2019-15741 CRITICAL POC
9.8 Sep 16

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2019-6960 CRITICAL POC
9.8 Sep 09

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6

Share

EUVD-2025-210442 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy