CVE-2025-2469 | THREATINT

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.

PUBLISHED Reserved 2025-03-17 | Published 2025-04-10 | Updated 2025-04-10 | Assigner GitLab

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-1295: Debug Messages Revealing Unnecessary Information

Product status

Default status

unaffected

17.9 (semver) before 17.9.6

affected

17.10 (semver) before 17.10.4

affected

Credits

Thanks [ap-wtioit](https://hackerone.com/ap-wtioit) for reporting this vulnerability through our HackerOne bug bounty program finder

References

gitlab.com/gitlab-org/gitlab/-/issues/525374 (GitLab Issue #525374) issue-tracking permissions-required

hackerone.com/reports/3030586 (HackerOne Bug Bounty Report #3030586) technical-description exploit permissions-required

cve.org (CVE-2025-2469)

nvd.nist.gov (CVE-2025-2469)

Download JSON