CVE 8.5 HIGH

Server-Side Request Forgery (SSRF) in GitLab_CVE-2025-6454

September 12, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.

AI Analysis

Server-Side Request Forgery (SSRF) vulnerability in GitLab CE/EE allowing authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.

Basic Information

ID CVE-2025-6454

Source GitLab

Published Sep 12, 2025 at 06:05

Affected Product

Vendor GitLab

Product GitLab

Version 16.11

Affected Versions GitLab GitLab 16.11
GitLab GitLab 18.2
GitLab GitLab 18.3

CWE Classification

CWE-918

AI Assessment

AI Score 8.5 / 10

AI Severity HIGH

Vendor GitLab

Product GitLab

Version 16.11, 18.2, 18.3

References

{
    "lastseen": "",
    "description": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.",
    "published": "2025-09-12T06:05:49.792Z",
    "modified": "2025-09-12T06:05:49.792Z",
    "type": "cve",
    "title": "Server-Side Request Forgery (SSRF) in GitLab",
    "source": "GitLab",
    "references": "https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/550766\nhttps://hackerone.com/reports/3162711",
    "id": "CVE-2025-6454",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 16.11\nGitLab GitLab 18.2\nGitLab GitLab 18.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "16.11",
    "vendor": "GitLab",
    "ai_description": "Server-Side Request Forgery (SSRF) vulnerability in GitLab CE/EE allowing authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.",
    "ai_severity": "HIGH",
    "ai_vendor": "GitLab",
    "ai_product": "GitLab",
    "ai_version": "16.11, 18.2, 18.3",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply