CVE-2025-12575

5.4 MEDIUM

📋 TL;DR

This vulnerability allows authenticated GitLab users with specific permissions to make unauthorized requests to internal network services through the GitLab server, potentially accessing internal systems. It affects GitLab EE versions 18.0-18.6.5, 18.7.0-18.7.3, and 18.8.0-18.8.3.

💻 Affected Systems

Products:
  • GitLab EE
Versions: 18.0.0 to 18.6.5, 18.7.0 to 18.7.3, 18.8.0 to 18.8.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with specific permissions (not specified in CVE details). GitLab CE is not affected.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could pivot through GitLab to access sensitive internal services, potentially compromising internal systems or exfiltrating data.

🟠 Likely Case

Limited internal service enumeration or data exposure from services accessible to the GitLab server.

🟢 If Mitigated

Minimal impact with proper network segmentation and GitLab server isolation from sensitive internal services.

🌐 Internet-Facing: MEDIUM - Internet-facing GitLab instances could be used as a pivot point to internal networks by authenticated attackers.
🏢 Internal Only: MEDIUM - Internal attackers could abuse this to access other internal services they shouldn't have access to.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and specific permissions. The assigned weakness, CWE-918, classifies this as a Server-Side Request Forgery (SSRF) vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.6.6, 18.7.4, or 18.8.4

Vendor Advisory: https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to GitLab EE 18.6.6, 18.7.4, or 18.8.4 using your preferred update method (Omnibus, Helm, source).
3. Restart GitLab services.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict the GitLab server's network access to only the internal services it requires.

Permission Review (applies to: all)

Review and restrict user permissions to minimize the attack surface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate GitLab from sensitive internal services
  • Review and minimize user permissions, especially for users who could potentially exploit this vulnerability

🔍 How to Verify

Check if Vulnerable:

Check the installed GitLab version and compare it against the affected ranges above:

sudo gitlab-rake gitlab:env:info | grep 'GitLab version'

Verify Fix Applied:

Confirm the installed version is 18.6.6, 18.7.4, 18.8.4, or a later release.
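As an added example (not GitLab's own tooling), the following Python helper classifies the version string reported by the `gitlab-rake` command above against the affected and patched ranges listed on this page. It accepts either a bare version such as `18.7.2-ee` or the whole grep output line; the "not-affected" verdict for pre-18.0 releases and the "fixed" verdict for 18.9+ and 19.x are assumptions drawn from the fact that the advisory lists only the three 18.x branches.

```python
"""Classify a GitLab EE version against the CVE-2025-12575 affected ranges.

Added example; not GitLab's own tooling. Ranges come from the advisory:
18.0.0-18.6.5, 18.7.0-18.7.3 and 18.8.0-18.8.3 are affected, fixed in
18.6.6, 18.7.4 and 18.8.4 respectively.
"""
import re
import sys

# First patched release per fixed 18.x branch (from the advisory).
FIXED_IN = {6: 6, 7: 4, 8: 4}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from '18.7.2-ee' or 'GitLab version: 18.7.2'.

    A missing patch component is treated as 0; suffixes such as '-ee' are ignored.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def cve_2025_12575_status(text):
    """Return 'vulnerable', 'fixed' or 'not-affected' for a GitLab EE version."""
    major, minor, patch = parse_version(text)
    if major < 18:
        return "not-affected"  # assumption: advisory lists only 18.x releases
    if major > 18 or minor >= 9:
        return "fixed"  # assumption: later than every affected branch
    if minor <= 5:
        return "vulnerable"  # every 18.0-18.5 release lies inside 18.0.0-18.6.5
    # 18.6, 18.7, 18.8: compare against the first patched release of that branch
    return "fixed" if patch >= FIXED_IN[minor] else "vulnerable"


if __name__ == "__main__":
    # Usage: python check_gitlab_cve_2025_12575.py "$(sudo gitlab-rake gitlab:env:info | grep 'GitLab version')"
    print(cve_2025_12575_status(sys.argv[1] if len(sys.argv) > 1 else sys.stdin.read()))
```

Note that GitLab CE is reported as unaffected by this CVE, so the check only means something for an EE installation.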

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests from GitLab to internal services
  • SSRF-related error messages in logs

Network Indicators:

  • Unexpected traffic from GitLab server to internal services not typically accessed

SIEM Query:

source="gitlab" AND (http_request_to_internal_network OR ssrf_attempt)
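The SIEM query above uses placeholder field names; what a defender actually has to work with is egress telemetry from the GitLab host. As an added example that is not part of this advisory, the following Python snippet flags connections from the GitLab server to internal or reserved address space that are not on an allow-list of services GitLab is expected to reach. The log format, the sample lines, the GitLab host address and the allow-list are all constructed for the example and would be replaced with your own firewall or flow-log data.

```python
"""Flag unexpected internal egress from a GitLab host.

Added example, not part of the advisory. The log format below is constructed:
"<timestamp> src=<ip> dst=<ip>:<port> proto=tcp". Replace it with your own
firewall, VPC flow-log or proxy records.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample egress records for a GitLab server at 10.0.5.20.
SAMPLE_LOG = """\
2026-02-11T10:00:01Z src=10.0.5.20 dst=93.184.216.34:443 proto=tcp
2026-02-11T10:00:02Z src=10.0.5.20 dst=10.0.5.30:5432 proto=tcp
2026-02-11T10:00:03Z src=10.0.5.20 dst=169.254.169.254:80 proto=tcp
2026-02-11T10:00:04Z src=10.0.5.20 dst=127.0.0.1:8080 proto=tcp
2026-02-11T10:00:05Z src=10.0.5.20 dst=10.0.9.7:22 proto=tcp
2026-02-11T10:00:06Z src=10.0.5.20 dst=10.0.9.7:22 proto=tcp
"""

GITLAB_HOST = "10.0.5.20"  # assumed address of the GitLab server
# Assumed allow-list: internal services GitLab legitimately talks to (e.g. its database).
ALLOWED_INTERNAL = {"10.0.5.30"}

_LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>[^:\s]+):(?P<port>\d+)")


def is_internal(ip_text):
    """True for RFC 1918, loopback, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def suspicious_egress(log_text, gitlab_host=GITLAB_HOST, allowed=ALLOWED_INTERNAL):
    """Count connections from the GitLab host to internal destinations not on the allow-list.

    Returns a Counter keyed by (destination_ip, port). Public destinations are
    ignored here because this check targets the SSRF-to-internal-service pattern;
    destinations given as hostnames are skipped and should be resolved upstream.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = _LINE_RE.search(line)
        if not m or m["src"] != gitlab_host:
            continue
        dst = m["dst"]
        try:
            if not is_internal(dst):
                continue
        except ValueError:
            continue  # not an IP literal
        if dst in allowed:
            continue
        hits[(dst, int(m["port"]))] += 1
    return hits


if __name__ == "__main__":
    for (dst, port), count in suspicious_egress(SAMPLE_LOG).most_common():
        print(f"{dst}:{port}\t{count} connection(s) from {GITLAB_HOST}")
```

On the sample data this reports the link-local, loopback and unlisted 10.0.9.7 destinations and stays quiet about the allow-listed database and the public HTTPS connection. Tuning the allow-list to the services GitLab genuinely needs is the same exercise as the network-segmentation workaround above, so the two efforts reinforce each other.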
