Infinite Redirect Loop in GitLab CE/EE Versions
CVE-2025-0673

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-0673?

A vulnerability has been identified in GitLab CE/EE that enables an attacker to exploit an infinite redirect loop. This issue affects multiple versions, potentially causing a denial of service condition. The impacted versions include GitLab CE/EE 17.7 prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. Attackers may leverage this vulnerability to disrupt service availability.

Affected Version(s)

GitLab 17.7 < 17.10.8

GitLab 17.11 < 17.11.4

GitLab 18.0 < 18.0.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/514732

issue-trackingpermissions-required

https://hackerone.com/reports/2936949

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Thanks [sim4n6](https://hackerone.com/sim4n6) for reporting this vulnerability through our HackerOne bug bounty program

Gitlab

What is CVE-2025-0673?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit