CVE-2025-6454

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6454
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6454.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6454
Aliases
Published
2025-09-12T06:05:49.792Z
Modified
2025-12-05T11:02:59.422800Z
Severity
  • 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Server-Side Request Forgery (SSRF) in GitLab
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6454.json",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
22834294718a25956b0a859c8eed72248300eeee
Fixed
f2e9bb529ea308547c5cf059bbb25aaf7adf96be
Database specific 
{
    "versions": [
        {
            "introduced": "16.11"
        },
        {
            "fixed": "18.1.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
64403a0daee4413eb45b939590f37c351b8e72bf
Fixed
a3b7906ca40e331c17bbeab4085a6d72cf03afd1
Database specific 
{
    "versions": [
        {
            "introduced": "18.2"
        },
        {
            "fixed": "18.2.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
94282cd9b41643ecd8a82da6cf46834cd9609afe
Fixed
1ffbed2ea94e5a3c4364ae2062b825bcf8e41ae5
Database specific 
{
    "versions": [
        {
            "introduced": "18.3"
        },
        {
            "fixed": "18.3.2"
        }
    ]
}

Affected versions

v18.*

v18.2.0-ee
v18.2.1-ee
v18.2.2-ee
v18.2.3-ee
v18.2.4-ee
v18.2.5-ee
v18.3.0-ee
v18.3.1-ee