7.5

CVE-2025-0673

Medienbericht
Exploit

Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version >= 17.7.0 < 17.10.8
GitlabGitLab SwEditionenterprise Version >= 17.7.0 < 17.10.8
GitlabGitLab SwEditioncommunity Version >= 17.11.0 < 17.11.4
GitlabGitLab SwEditionenterprise Version >= 17.11.0 < 17.11.4
GitlabGitLab SwEditioncommunity Version >= 18.0.0 < 18.0.2
GitlabGitLab SwEditionenterprise Version >= 18.0.0 < 18.0.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.396
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@gitlab.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.08.2025 11:36
https://gitlab.com/gitlab-org/gitlab/-/issues/514732
Exploit
Issue Tracking
https://hackerone.com/reports/2936949
Permissions Required