← back
CVE-2025-1754

Missing Authentication for Critical Function in GitLab

CVSS 5.3 MEDIUMEPSS 0.2%CWE-306
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
GitLab · GitLab

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gitlab-org/gitlab/-/issues/521619https://hackerone.com/reports/3009067