CVE-2025-0362: Improper Restriction of Rendered UI Layers or Frames in GitLab

6.4 CVSS

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.

Classification

CVE ID: CVE-2025-0362

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.4

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Problem Types

CWE-1021: Improper Restriction of Rendered UI Layers or Frames

Affected Products

Vendor: GitLab

Product: GitLab

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (estimated probability that this vulnerability will be exploited in the wild)

EPSS Percentile: 0.71% (share of all scored CVEs whose EPSS score is less than or equal to this one)

EPSS Date: 2025-04-20 (date on which this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0362
https://gitlab.com/gitlab-org/gitlab/-/issues/512425
https://hackerone.com/reports/2926425

Timeline