PT-2025-47048 · Gitlab · Gitlab Ce/Ee

Published 2025-11-12 · Updated 2025-11-15 · CVE-2025-11990

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GitLab EE versions 18.4 through 18.4.3
GitLab EE versions 18.5 through 18.5.1

Description

An authenticated user could obtain CSRF tokens due to improper input validation in repository references and redirect handling weaknesses. The issue involves the exploitation of repository references.

Recommendations

Update GitLab EE to version 18.4.4 or later.
Update GitLab EE to version 18.5.2 or later.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-14459
BIT-GITLAB-2025-11990
CVE-2025-11990

Affected Products

Gitlab Ce/Ee