CVE Vulnerabilities

CVE-2025-12506

Use of Incorrectly-Resolved Name or Reference

Published: Jul 08, 2026 | Modified: Jul 09, 2026
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the content available for download, due to improper handling of Git reference name resolution.

Weakness

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Affected Software

NameVendorStart VersionEnd Version
GitlabGitlab16.5.0 (including)18.11.7 (excluding)
GitlabGitlab19.0.0 (including)19.0.4 (excluding)
GitlabGitlab19.1.0 (including)19.1.2 (excluding)
GitlabUbuntuesm-apps-legacy/xenial*

References