What is the severity of CVE-2025-0290?

CVE-2025-0290 has a moderate severity level due to its potential to cause background jobs to become unresponsive.

How do I fix CVE-2025-0290?

To fix CVE-2025-0290, update your GitLab CE/EE to version 17.5.5 or later, 17.6.3 or later, or 17.7.1 or later.

Which versions of GitLab are affected by CVE-2025-0290?

CVE-2025-0290 affects GitLab CE/EE versions 15.0 to 17.5.5, 17.6 to 17.6.3, and 17.7 to 17.7.1.

What component of GitLab is impacted by CVE-2025-0290?

CVE-2025-0290 impacts the processing of CI artifacts metadata within GitLab.

When was CVE-2025-0290 disclosed?

CVE-2025-0290 was identified in GitLab's versions released prior to the patches in early 2025.

Vulnerability/
CVE-2025-0290

medium

4.3

CWE

835

28/1/2025

CVE-2025-0290: Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

First published: Tue Jan 28 2025(Updated: )

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.

Credit: cve@gitlab.com

Affected Software	Affected Version	How to fix
GitLab	>15.0<17.5.5>17.6<17.6.3>17.7<17.7.1

Remedy

Upgrade to versions 17.6.4, 17.7.2, 17.8.0 or above.

Never miss a vulnerability like this again

Reference Links

https://gitlab.com/gitlab-org/gitlab/-/issues/372134

Frequently Asked Questions

What is the severity of CVE-2025-0290?
CVE-2025-0290 has a moderate severity level due to its potential to cause background jobs to become unresponsive.
How do I fix CVE-2025-0290?
To fix CVE-2025-0290, update your GitLab CE/EE to version 17.5.5 or later, 17.6.3 or later, or 17.7.1 or later.
Which versions of GitLab are affected by CVE-2025-0290?
CVE-2025-0290 affects GitLab CE/EE versions 15.0 to 17.5.5, 17.6 to 17.6.3, and 17.7 to 17.7.1.
What component of GitLab is impacted by CVE-2025-0290?
CVE-2025-0290 impacts the processing of CI artifacts metadata within GitLab.
When was CVE-2025-0290 disclosed?
CVE-2025-0290 was identified in GitLab's versions released prior to the patches in early 2025.

agent/remedy
agent/title
agent/weakness
agent/first-publish-date
agent/description
agent/type
agent/references
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/source
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
vendor/gitlab
canonical/gitlab

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2025-0290?
CVE-2025-0290 has a moderate severity level due to its potential to cause background jobs to become unresponsive.
How do I fix CVE-2025-0290?
To fix CVE-2025-0290, update your GitLab CE/EE to version 17.5.5 or later, 17.6.3 or later, or 17.7.1 or later.
Which versions of GitLab are affected by CVE-2025-0290?
CVE-2025-0290 affects GitLab CE/EE versions 15.0 to 17.5.5, 17.6 to 17.6.3, and 17.7 to 17.7.1.
What component of GitLab is impacted by CVE-2025-0290?
CVE-2025-0290 impacts the processing of CI artifacts metadata within GitLab.
When was CVE-2025-0290 disclosed?
CVE-2025-0290 was identified in GitLab's versions released prior to the patches in early 2025.