PT-2025-25292 · GitLab · GitLab CE/EE

Sim4N6 · Published 2025-06-11 · Updated 2025-07-23 · CVE-2025-0673

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 17.7 through 17.10.8
GitLab CE/EE versions 17.11 through 17.11.4
GitLab CE/EE versions 18.0 through 18.0.2
Description

An issue has been discovered in GitLab CE/EE that allows an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition. The issue is present in the GitLab CE/EE version ranges listed above; an attacker who exploits it can cause a denial of service.
Recommendations

For versions 17.7 through 17.10.8, update to a version after 17.10.8 to resolve the issue.
For versions 17.11 through 17.11.4, update to a version after 17.11.4 to resolve the issue.
For versions 18.0 through 18.0.2, update to a version after 18.0.2 to resolve the issue.
As a temporary workaround, consider restricting access to the affected GitLab CE/EE instances to minimize the risk of exploitation.

Exploit

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2025-06825
BIT-GITLAB-2025-0673
CVE-2025-0673

Affected Products

GitLab CE/EE