Published: 2025-11-15

Overview
CVE-2025-7000 describes a medium-severity vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability, if exploited under specific conditions, could allow unauthorized users to view confidential branch names. The issue arises through accessing project issues that are associated with related merge requests. This unauthorized disclosure of branch names could provide attackers with valuable information for reconnaissance and further exploitation.

Technical Details
The vulnerability exists because the system fails to properly restrict access to branch names when displaying information related to issues and associated merge requests. An attacker, by manipulating or observing issue details linked…

Overview
CVE-2025-6945 describes a low-severity vulnerability in GitLab Enterprise Edition (EE) that could potentially lead to the leakage of sensitive information. This issue affects GitLab EE versions 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. An authenticated attacker could exploit this vulnerability by injecting hidden prompts into merge request comments, allowing them to extract information from confidential issues that they should not have access to.

Technical Details
The vulnerability stems from insufficient sanitization of user-supplied input within merge request comments. Specifically, an attacker can craft a malicious comment that includes specially crafted prompts. When a user interacts with…

Overview
CVE-2025-6171 describes a medium-severity information disclosure vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability allows an authenticated attacker with the ‘reporter’ role to potentially view branch names and pipeline details through the packages API endpoint, even when repository access has been explicitly disabled. The vulnerability impacts GitLab versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. Immediate patching is highly recommended.

Technical Details
The vulnerability stems from insufficient access control checks within the GitLab packages API endpoint. Even when repository access is disabled for a ‘reporter’ role, the API allowed access…

Overview
CVE-2025-2615 describes a medium-severity vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). This vulnerability allows a blocked user to potentially bypass access restrictions and access sensitive information by establishing GraphQL subscriptions through WebSocket connections. The issue has been addressed in GitLab versions 18.3.6, 18.4.4, and 18.5.2. This article provides a detailed analysis of the vulnerability, its impact, and the necessary steps to mitigate it.

Technical Details
The vulnerability stems from insufficient access control checks during the processing of GraphQL subscriptions established via WebSocket connections. Even after a user is blocked from accessing GitLab resources, pre-existing WebSocket…

Overview
CVE-2025-11990 is a low-severity Cross-Site Request Forgery (CSRF) vulnerability affecting GitLab Enterprise Edition (EE). This vulnerability resides in versions 18.4 before 18.4.4 and 18.5 before 18.5.2. It allows an authenticated user to potentially acquire CSRF tokens by exploiting improper input validation in repository references combined with weaknesses in redirect handling.

Technical Details
The vulnerability stems from insufficient validation of user-supplied input related to repository references within GitLab EE. Specifically, the system doesn’t properly sanitize or validate the input when processing requests related to repository interactions. This, coupled with a weakness in how GitLab handles redirects, allows an attacker…

Overview
CVE-2025-11865 is a medium-severity vulnerability affecting GitLab EE (Enterprise Edition). It allows a malicious actor, under specific and currently unspecified circumstances, to remove the Duo authentication flows configured by another user. This can lead to a bypass of Multi-Factor Authentication (MFA) for the targeted user, potentially compromising their account security. The vulnerability impacts GitLab EE versions 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2.

Technical Details
While the specific attack vector remains undisclosed to prevent exploitation, the core issue revolves around insufficient authorization checks within the Duo integration in GitLab EE. An attacker could potentially manipulate…

Overview
A security vulnerability, identified as CVE-2025-12847, has been discovered in the All in One SEO (AIOSEO) – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress. This flaw allows authenticated attackers with Contributor-level access or higher to delete arbitrary media attachments without proper authorization. All versions up to and including 4.8.9 are affected. This represents a significant risk to website data integrity and availability.

Technical Details
The vulnerability stems from a missing authorization check within the REST API endpoint /wp-json/aioseo/v1/ai/image-generator. The plugin incorrectly verifies user permissions by only checking for the edit_posts capability, which is…

Overview
CVE-2025-12494 identifies a medium-severity vulnerability in the “Image Gallery – Photo Grid & Video Gallery” plugin for WordPress. This flaw allows authenticated attackers with author-level access or higher to delete arbitrary files on the server due to insufficient file path validation in the ajax_import_file function. Versions up to and including 2.12.28 are affected.

Technical Details
The vulnerability resides within the ajax_import_file function of the plugin. The lack of proper validation on the file path provided by the attacker allows them to manipulate the function to target and delete files outside of the intended image gallery directories. Specifically, the…

Overview
CVE-2025-12182 is a medium-severity vulnerability found in the Qi Blocks plugin for WordPress. This vulnerability allows authenticated attackers with Contributor-level access or higher to resize arbitrary media library images belonging to other users without proper authorization. This can lead to unintended file writes, disk consumption, and potential server resource abuse through processing large images.

Technical Details
The vulnerability stems from a missing capability check within the resize_image_callback() function in versions of the Qi Blocks plugin up to and including 1.4.3. Specifically, the plugin fails to properly verify if a user has the necessary permissions to resize a specific…

Overview
CVE-2025-55034 describes a critical vulnerability affecting General Industrial Controls Lynx+ Gateway devices. This vulnerability stems from weak password requirements, making the device susceptible to brute-force attacks. Successful exploitation allows an attacker to gain unauthorized access to the device and potentially the wider industrial control system (ICS) network.

Technical Details
The General Industrial Controls Lynx+ Gateway utilizes insufficiently robust password policies. This means that default or easily guessable passwords may be permitted, and there may be a lack of enforcement for password complexity, length, or rotation. An attacker can leverage this weakness to conduct a brute-force attack, systematically attempting different…