vulnerability

Gitlab Gitlab: CVE-2025-5101: Improper Control of Generation of Code

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:H/Au:M/C:N/I:C/A:N)	Aug 27, 2025	Aug 28, 2025	Sep 18, 2025

Severity

CVSS

(AV:L/AC:H/Au:M/C:N/I:C/A:N)

Published

Aug 27, 2025

Added

Aug 28, 2025

Modified

Sep 18, 2025

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-94
CVE-2025-5101
https://attackerkb.com/topics/CVE-2025-5101
URL-https://gitlab.com/gitlab-org/gitlab/-/issues/545165
URL-https://hackerone.com/reports/3124199

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today