CVE-2025-0605 Weak Authentication in GitLab

🗓️ 22 May 2025 14:31:54Reported by GitLabType

Weak authentication flaw in GitLab allows bypassing two-factor authentication for specific users.

Reporter	Title	Published	Views	Family All 18
FreeBSD	Gitlab -- vulnerabilities	21 May 202500:00	–	freebsd
Circl	CVE-2025-0605	22 May 202514:43	–	circl
CNNVD	GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）安全漏洞	22 May 202500:00	–	cnnvd
CVE	CVE-2025-0605	22 May 202514:31	–	cve
Debian CVE	CVE-2025-0605	22 May 202514:31	–	debiancve
EUVD	EUVD-2025-16150	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (a1a1b0c2-3791-11f0-8600-2cf05da270f3)	23 May 202500:00	–	nessus
Tenable Nessus	GitLab 16.8 < 17.10.7 / 17.11 < 17.11.3 / 18.0 < 18.0.1 (CVE-2025-0605)	22 May 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-0605	30 Aug 202500:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab	23 May 202508:38	–	ncsc

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "16.8",
        "status": "affected",
        "lessThan": "17.10.7",
        "versionType": "semver"
      },
      {
        "version": "17.11",
        "status": "affected",
        "lessThan": "17.11.3",
        "versionType": "semver"
      },
      {
        "version": "18.0",
        "status": "affected",
        "lessThan": "18.0.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2919391
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/514204

22 May 2025 14:31Current

CVSS 3.14.6

EPSS0.00051

CWE-1390