Home > Vulnerability Database > CVE-2025-0194

Mend.io Vulnerability Database

CVE-2025-0194

Date: January 8, 2025

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.

Severity Score

6.5

Related Resources (4)

Url: https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-0194

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/489459

Url: https://www.mend.io/vulnerability-database/CVE-2025-0194

Severity Score

6.5

Weakness Type (CWE)

Insertion of Sensitive Information into Externally-Accessible File or Directory

CWE-538

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-0194

Date: January 8, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?