PT-2025-37106 · GitLab · GitLab CE/EE

Published: 2025-09-10 · Updated: 2025-10-24 · CVE-2025-6454

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.11 through 18.3.2

Description: An issue has been discovered in GitLab CE/EE that allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. The vulnerability resides in the handling of webhook headers and can expose internal endpoints. Approximately 37% of GitLab instances in Runet are estimated to be potentially affected, representing around 30,000 active instances. Exploitation is possible starting with the 'Developer' role and does not require user interaction. Indicators of compromise include requests with non-standard HTTP headers and internal calls to proxy, metadata and local APIs.

Recommendations: Update GitLab to version 18.1.6, 18.2.6, or 18.3.2 or higher. Check webhook settings and remove or restrict the ability to use non-standard HTTP headers, especially if they are user-controlled. If GitLab is deployed behind a reverse proxy or in a complex network infrastructure, limit the internal resources that GitLab can reach.
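The two indicators the advisory names (non-standard or malformed webhook headers, and webhook deliveries aimed at internal, metadata or loopback addresses) can be turned into a routine audit of a project's webhook inventory. The script below is an added example for this page, not GitLab code and not part of the advisory. It assumes webhooks are represented as dictionaries with a `url` and a `custom_headers` map (the shape is an assumption; map it onto your hook export or API output), treats header names and values under RFC 7230 rules, and flags destinations that are loopback, private or link-local address literals. The advisory does not spell out the injected sequences, so rejecting CR, LF and other control characters in header values is the standard header-injection hardening rule applied here, not a description of the GitLab bug. All sample hooks are constructed.

```python
"""Audit webhook definitions for the signals the advisory describes:
non-standard or malformed HTTP headers and internal/metadata targets.

Added example, not GitLab code. Hook dictionaries, the baseline header
list and the sample data are assumptions/constructed values.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlsplit

# RFC 7230 "tchar": the only characters permitted in a header field name.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Header values may not carry CR, LF or other C0 controls (HTAB is allowed).
_CTL_RE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

# Baseline of headers a GitLab webhook delivery normally carries; operators
# extend this list. Anything outside it is reported as "non-standard".
STANDARD_HEADERS = {"content-type", "user-agent", "x-gitlab-event", "x-gitlab-token"}

# Address ranges that should never be a webhook destination.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16",  # link-local; cloud metadata services live here
    "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
)]


@dataclass
class Finding:
    hook_url: str
    problems: List[str] = field(default_factory=list)


def check_header(name: str, value: str) -> List[str]:
    """Return the list of problems with one custom header (empty if clean)."""
    problems = []
    if not _TOKEN_RE.match(name):
        problems.append(f"header name {name!r} is not an RFC 7230 token")
    if _CTL_RE.search(value):
        problems.append(f"header {name!r} value contains control characters")
    if name.lower() not in STANDARD_HEADERS:
        problems.append(f"non-standard header {name!r}")
    return problems


def is_internal_host(host: str) -> bool:
    """True for 'localhost' and for IP literals inside INTERNAL_NETS.

    Hostnames that merely *resolve* to internal addresses need a DNS lookup
    at delivery time; that is deliberately out of scope for this offline check.
    """
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a DNS name, not an address literal
    return any(addr in net for net in INTERNAL_NETS)


def audit_webhook(hook: Dict) -> Finding:
    """Audit one hook: destination first, then every custom header."""
    finding = Finding(hook_url=hook["url"])
    host = urlsplit(hook["url"]).hostname or ""
    if is_internal_host(host):
        finding.problems.append(f"target {host!r} is an internal/metadata address")
    for name, value in hook.get("custom_headers", {}).items():
        finding.problems.extend(check_header(name, value))
    return finding


def audit_all(hooks: List[Dict]) -> List[Finding]:
    """Return only the hooks that have at least one problem."""
    return [f for f in (audit_webhook(h) for h in hooks) if f.problems]


# Constructed sample inventory: one clean hook, one with a malformed custom
# header, one pointing at a link-local metadata address.
SAMPLE_HOOKS = [
    {"url": "https://ci.example.com/hooks/gitlab",
     "custom_headers": {"X-Gitlab-Token": "constructed-secret"}},
    {"url": "https://ci.example.com/hooks/gitlab",
     "custom_headers": {"X-Custom-Auth": "abc\r\nX-Test: 1"}},
    {"url": "http://169.254.169.254/latest/meta-data/",
     "custom_headers": {}},
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_HOOKS):
        print(finding.hook_url)
        for problem in finding.problems:
            print("  -", problem)
```

Feed it the hook list exported from each project (or the admin-level webhook inventory) after the upgrade as well: the version fix closes the injection path, but a hook that already points at a metadata or loopback address, or that carries an unexpected custom header, is exactly the indicator the advisory says to look for.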

Exploit · Fix · DoS · SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-12841
BIT-GITLAB-2025-6454
CVE-2025-6454

Affected Products

GitLab CE/EE