CVE-2025-0362 MEDIUM

CVE-2025-0362: Improper Restriction of Rendered UI Layers or Frames in GitLab

Vendor GitLab
Product GitLab
Weakness CWE-1021
Published April 10, 2025
Last update April 10, 2025

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.

Key dates

02 Disclosure timeline

April 10, 2025 CVE published
April 10, 2025 Record updated