CVE-2025-6948

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6948

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6948.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-6948

Aliases

BIT-gitlab-2025-6948

Downstream

UBUNTU-CVE-2025-6948

Published

2025-07-10T09:15:30Z

Modified

2025-07-25T18:54:44.224364Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

b7c061ce59a5eca5c5764fcf61be8a5103fb7d55

Fixed

bfd493869858083febee3788e111b5503caf492c

Affected versions

v17.*

v17.11.0-ee

v17.11.1-ee

v17.11.2-ee

v17.11.3-ee

v17.11.4-ee

v17.11.5-ee