Main Vulnerability Database Vulnerabilities #VU109649

Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2025-4979

Published: May 22, 2025

Vulnerability identifier: #VU109649

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-4979

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition
GitLab Enterprise Edition

Detailed vulnerability description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.

How to mitigate CVE-2025-4979

Install updates from vendor's website.

Sources

https://about.gitlab.com/releases/2025/05/21/patch-release-gitlab-18-0-1-released/

Information disclosure in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2025-4979

Detailed vulnerability description

How to mitigate CVE-2025-4979

Sources

Please verify you're human