CVE-2025-0290

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/372134	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:17.7.0::::community:::
	cpe:2.3:a:gitlab:gitlab:17.7.0::::enterprise:::

History

05 Aug 2025, 20:45

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:gitlab:gitlab:17.7.0::::enterprise::: cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:17.7.0::::community:::
First Time		Gitlab gitlab Gitlab
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/372134 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/372134 - Broken Link
Summary		(es) Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 15.0 anterior a la 17.5.5, de la 17.6 anterior a la 17.6.3 y de la 17.7 anterior a la 17.7.1. En determinadas condiciones, el procesamiento de metadatos de artefactos de CI podría provocar que los trabajos en segundo plano dejaran de responder.

28 Jan 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-28 09:15

Updated : 2025-08-05 20:45

NVD link : CVE-2025-0290

Mitre link : CVE-2025-0290

CVE.ORG link : CVE-2025-0290

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

NVD-CWE-noinfo

{"id": "CVE-2025-0290", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-01-28T09:15:09.363", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/372134", "tags": ["Broken Link"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-835"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones a partir de la 15.0 anterior a la 17.5.5, de la 17.6 anterior a la 17.6.3 y de la 17.7 anterior a la 17.7.1. En determinadas condiciones, el procesamiento de metadatos de artefactos de CI podr\u00eda provocar que los trabajos en segundo plano dejaran de responder."}], "lastModified": "2025-08-05T20:45:33.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "28A6702B-36C8-4CCB-BB52-4C43946735E8", "versionEndExcluding": "17.5.5", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "DE92CABE-9E83-4C89-AF20-4AEEC23E0B33", "versionEndExcluding": "17.5.5", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFB4F2D-7692-4241-AF8B-A0C5B5FA6021", "versionEndExcluding": "17.6.3", "versionStartIncluding": "17.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "464F7155-C7C2-4881-A78F-FB949540F3A9", "versionEndExcluding": "17.6.3", "versionStartIncluding": "17.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.7.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "F84BE558-D8B7-4C3E-B00D-DD1A273B8B3E"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:17.7.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE151E5-6D8D-4544-B88C-71394C460D75"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}