CVE-2025-10094

Improper Validation of Specified Quantity in Input in GitLab

CVSS 6.5 MEDIUMEPSS 0.4%CWE-1284

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 sep 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Productos afectados

GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/https://gitlab.com/gitlab-org/gitlab/-/issues/528469 https://hackerone.com/reports/3049089