CVE-2025-0362

MEDIUM

GitLab CE/EE <17.8.7-17.10.4 - CSRF

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.

Scores

CVSS v3 6.4
EPSS 0.0005
EPSS Percentile 15.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Classification

CWE
CWE-1021 (Improper Restriction of Rendered UI Layers or Frames)
Status published

Affected Products (2)

gitlab/gitlab < 17.8.7
gitlab/gitlab < 17.8.7

Timeline

Published Apr 10, 2025
Tracked Since Feb 18, 2026