CVE-2025-1198

CVSS 3.1 Score 4.2 of 10 (medium)

Details

Published Feb 13, 2025

CWE ID 613

Summary

CVE-2025-1198 is a vulnerability affecting GitLab CE/EE versions 16.11 to 17.8.2. This issue allows revoked Personal Access Tokens to access streaming results through long-lived connections in ActionCable. The impact is significant as it may result in unauthorized access to sensitive data. GitLab CE/EE users running affected versions are recommended to upgrade immediately to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GitLab

Affected Vendors

GitLab Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3OrmnL
https://www.cve.org/CVERecord?id=CVE-2025-1198
https://nvd.nist.gov/vuln/detail/CVE-2025-1198

Back to Vulnerability Database