CVE-2025-0673: 
GitLab vulnerability analysis and mitigation

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, which allows an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition. The vulnerability was disclosed on June 11, 2025, and has been assigned CVE-2025-0673 with a CVSS v3.1 base score of 7.5 (High) (GitLab Release, NVD).

The vulnerability is classified as a Loop with Unreachable Exit Condition (Infinite Loop) vulnerability (CWE-835). It has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NVD, GitLab Release).

The vulnerability can cause memory exhaustion on the server through an infinite redirect loop, potentially making the GitLab instance unavailable to legitimate users. This denial of service condition affects the availability of the system without compromising confidentiality or integrity (GitLab Release).

GitLab has released patches to address this vulnerability in versions 18.0.2, 17.11.4, and 17.10.8. Users are strongly recommended to upgrade to these patched versions immediately. GitLab.com has already been updated with the fix, and GitLab Dedicated customers do not need to take any action (GitLab Release).