CVE-2025-0673 — Infinite Loop in Gitlab

CWE-835 — Infinite Loop6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 85.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJun 12

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5gitlab/gitlab17.7 — 17.10.8+2

▶NVDgitlab/gitlab17.7.0 — 17.10.8+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-rp5v-chq5-pw9q: An issue has been discovered in GitLab CE/EE affecting all versions from 17↗2025-06-12

▶

OSV

CVE-2025-0673: An issue has been discovered in GitLab CE/EE affecting all versions from 17↗2025-06-12

▶

📋Vendor Advisories

GitLab

CVE-2025-0673: An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an a↗2025-06-12

▶

Debian

CVE-2025-0673: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 be...↗2025

▶

🕵️Threat Intelligence

Bleepingcomputer

GitLab patches high severity account takeover, missing auth issues↗2025-06-12

▶