CVE-2025-1754 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-1754

Analyzed

More Info Official Page

Source-cve@gitlab.com

Published At-26 Jun, 2025 | 06:15

Updated At-12 Aug, 2025 | 14:41

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CPE Matches

>>gitlab>>Versions from 17.2.0(inclusive) to 17.11.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 17.2.0(inclusive) to 17.11.5(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

>>gitlab>>Versions from 18.0.0(inclusive) to 18.0.3(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 18.0.0(inclusive) to 18.0.3(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

>>gitlab>>18.1.0

cpe:2.3:a:gitlab:gitlab:18.1.0:*:*:*:community:*:*:*

>>gitlab>>18.1.0

cpe:2.3:a:gitlab:gitlab:18.1.0:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-306	Primary	cve@gitlab.com

CWE ID: CWE-306

Type: Primary

Source: cve@gitlab.com

References

Hyperlink	Source	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/521619	cve@gitlab.com	Broken Link
https://hackerone.com/reports/3009067	cve@gitlab.com	Permissions Required

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/521619

Source: cve@gitlab.com

Resource:

Broken Link

Hyperlink: https://hackerone.com/reports/3009067

Source: cve@gitlab.com

Resource:

Permissions Required