VDB

CVE-2025-12073

CVE-2025-12073 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality.

EPSS 0.02% · 5.4th percentile

Risk Scores

EPSS Score
0.02%
5.4th percentile

Affected Products

VendorProductVersions
Bitnamigitlab18.0.0, 18.7.0, 18.8.0
Bitnamigitlab18.0.0, 18.8.0, 18.7.0

Timeline

  • Feb 11, 2026 CVE Published
  • Feb 11, 2026 EPSS Score
  • Feb 13, 2026 EPSS Score
  • Feb 15, 2026 EPSS Score
  • Feb 17, 2026 EPSS Score
  • Feb 19, 2026 EPSS Score
  • Feb 21, 2026 EPSS Score
  • Feb 23, 2026 EPSS Score
  • Feb 25, 2026 EPSS Score
  • Feb 27, 2026 EPSS Score
  • Mar 1, 2026 EPSS Score
  • Mar 3, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›