CVE-2025-1908
HIGHDescription
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Is your site exposed to CVE-2025-1908?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
| gitlab | gitlab |
References
Other References
Frequently Asked Questions
What is CVE-2025-1908? +
How severe is CVE-2025-1908? +
What products are affected by CVE-2025-1908? +
How do I check if I'm vulnerable to CVE-2025-1908? +
Related Vulnerabilities
Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.
Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.