CVE Record: CVE-2025-2469

Required CVE Record Information

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users.

CWE 1 Total

Learn more

CWE-1295: CWE-1295: Debug Messages Revealing Unnecessary Information

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
3.7	LOW	3.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Product Status

Learn more

Versions 2 Total

Default Status: unaffected

affected

Credits

Thanks [ap-wtioit](https://hackerone.com/ap-wtioit) for reporting this vulnerability through our HackerOne bug bounty program finder

References 2 Total

gitlab.com: GitLab Issue #525374
external site
issue-trackingpermissions-required
hackerone.com: HackerOne Bug Bounty Report #3030586
external site
technical-descriptionexploitpermissions-required

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: GitLab Inc.

Description

CWE 1 Total

CVSS 1 Total

Product Status

Credits

References 2 Total

Authorized Data Publishers

CISA-ADP