CVE-2025-1908 — Gitlab vulnerability

CWE-8405 documents5 sources

Severity

7.7HIGHNVD

EPSS

0.1%

top 82.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedApr 24

Description

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:NExploitability: 1.3 | Impact: 5.8

Affected Packages5 packages

▶CVEListV5gitlab/gitlab16.6 — 17.9.7+2

▶NVDgitlab/gitlab16.6.0 — 17.9.7+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

OSV

CVE-2025-1908: An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account tak↗2025-04-24

▶

GHSA

GHSA-h38g-w8gh-4m6m: An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account tak↗2025-04-24

▶

📋Vendor Advisories

GitLab

CVE-2025-1908: An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account tak↗2025-04-24

▶

Debian

CVE-2025-1908: gitlab - An issue has been discovered in GitLab EE/CE that could allow an attacker to tra...↗2025

▶