CVE-2025-3950

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/	Release Notes Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/537697	Broken Link Issue Tracking
https://hackerone.com/reports/3106477	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

No history.

Information

Published : 2026-01-09 10:15

Updated : 2026-01-21 19:19

NVD link : CVE-2025-3950

Mitre link : CVE-2025-3950

CVE.ORG link : CVE-2025-3950

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

{"id": "CVE-2025-3950", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2026-01-09T10:15:46.310", "references": [{"url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/537697", "tags": ["Broken Link", "Issue Tracking"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/3106477", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-359"}]}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection."}], "lastModified": "2026-01-21T19:19:06.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B364C44F-E8AE-46C6-AFF9-344B61B531D4", "versionEndExcluding": "18.5.5", "versionStartIncluding": "10.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "23F20E77-0F2B-4AD3-9186-9E25B96B7796", "versionEndExcluding": "18.5.5", "versionStartIncluding": "10.3.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "2B9B2E1D-016E-45CF-80CD-7CC77A5B5576", "versionEndExcluding": "18.6.3", "versionStartIncluding": "18.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "75013646-70F2-467E-B79E-9301338AB853", "versionEndExcluding": "18.6.3", "versionStartIncluding": "18.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB8EB8C-1F4F-47E6-B1EB-5686613B75F9", "versionEndExcluding": "18.7.1", "versionStartIncluding": "18.7.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C43A7C18-65D0-4731-88A8-6BF6A33A1435", "versionEndExcluding": "18.7.1", "versionStartIncluding": "18.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}