vulnerability

Gitlab Gitlab: CVE-2025-12073: Server-Side Request Forgery (SSRF)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Feb 11, 2026	Feb 12, 2026	Mar 25, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Feb 11, 2026

Added

Feb 12, 2026

Modified

Mar 25, 2026

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-918
CVE-2025-12073
https://attackerkb.com/topics/CVE-2025-12073
https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/578091
https://hackerone.com/reports/3314987
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-207422

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report