CVE-2025-6454

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6454

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6454.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-6454

Aliases

BIT-gitlab-2025-6454

Published

2025-09-12T06:15:42Z

Modified

2025-09-16T09:44:29.670826Z

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/550766
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
https://hackerone.com/reports/3162711

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

22834294718a25956b0a859c8eed72248300eeee

Fixed

f2e9bb529ea308547c5cf059bbb25aaf7adf96be