GitLab Domain Confusion in gitlab Leaks API Key
CVE-2025-10282

4.7MEDIUM

Key Information:

Vendor

Blsops, Llc

Status
Bbot
Vendor
CVE Published:
9 October 2025

What is CVE-2025-10282?

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL.

Affected Version(s)

bbot Linux 0.0.0 <= 2.6.1

References

https://blog.blacklanternsecurity.com/p/bbot-security-adv...

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-10282 : Exposure of API Key in BBOT's GitLab Module