CVE-2025-0362

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab7.7 < 17.8.7affected
GitLabGitLab17.9 < 17.9.6affected
GitLabGitLab17.10 < 17.10.4affected

Weaknesses

  • CWE-1021: CWE-1021: Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References