CVE-2025-6454 - Vulnerability Details - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Gitlab	Gitlab

No data.

No data.

References

Link	Providers
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/550766
https://hackerone.com/reports/3162711

History

Fri, 12 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 12 Sep 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.
Title		Server-Side Request Forgery (SSRF) in GitLab
First Time appeared		Gitlab Gitlab gitlab
Weaknesses		CWE-918
CPEs		cpe:2.3:a:gitlab:gitlab::::::::
Vendors & Products		Gitlab Gitlab gitlab
References		https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/550766 https://hackerone.com/reports/3162711
Metrics		cvssV3_1 `{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2025-09-12T06:05:49.792Z

Updated: 2025-09-12T17:18:59.590Z

Reserved: 2025-06-20T19:30:39.145Z

Link: CVE-2025-6454

Vulnrichment

Updated: 2025-09-12T17:18:55.780Z

NVD

Status : Received

Published: 2025-09-12T06:15:42.990

Modified: 2025-09-12T06:15:42.990

Link: CVE-2025-6454

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6454", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-06-20T19:30:39.145Z", "datePublished": "2025-09-12T06:05:49.792Z", "dateUpdated": "2025-09-12T17:18:59.590Z"}, "containers": {"cna": {"title": "Server-Side Request Forgery (SSRF) in GitLab", "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "16.11", "status": "affected", "lessThan": "18.1.6", "versionType": "semver"}, {"version": "18.2", "status": "affected", "lessThan": "18.2.6", "versionType": "semver"}, {"version": "18.3", "status": "affected", "lessThan": "18.3.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "cweId": "CWE-918", "type": "CWE"}]}], "references": [{"url": "https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/550766", "name": "GitLab Issue #550766", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/3162711", "name": "HackerOne Bug Bounty Report #3162711", "tags": ["technical-description", "exploit", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.1.6, 18.2.6, 18.3.2 or above."}], "credits": [{"lang": "en", "value": "Thanks [ppee](https://hackerone.com/ppee) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-09-12T06:05:49.792Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-12T17:18:49.673424Z", "id": "CVE-2025-6454", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T17:18:59.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6454", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-12T17:18:49.673424Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T17:18:55.780Z"}}], "cna": {"title": "Server-Side Request Forgery (SSRF) in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [ppee](https://hackerone.com/ppee) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "16.11", "lessThan": "18.1.6", "versionType": "semver"}, {"status": "affected", "version": "18.2", "lessThan": "18.2.6", "versionType": "semver"}, {"status": "affected", "version": "18.3", "lessThan": "18.3.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.1.6, 18.2.6, 18.3.2 or above."}], "references": [{"url": "https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/550766", "name": "GitLab Issue #550766", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/3162711", "name": "HackerOne Bug Bounty Report #3162711", "tags": ["technical-description", "exploit", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-09-12T06:05:49.792Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6454", "state": "PUBLISHED", "dateUpdated": "2025-09-12T17:18:59.590Z", "dateReserved": "2025-06-20T19:30:39.145Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2025-09-12T06:05:49.792Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}