CVE-2025-0290: Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
First published: Tue Jan 28 2025(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Community Edition | >15.0<17.5.5>17.6<17.6.3>17.7<17.7.1 |
Remedy
Upgrade to versions 17.6.4, 17.7.2, 17.8.0 or above.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0290?
CVE-2025-0290 has a moderate severity level due to its potential to cause background jobs to become unresponsive.
How do I fix CVE-2025-0290?
To fix CVE-2025-0290, update your GitLab CE/EE to version 17.5.5 or later, 17.6.3 or later, or 17.7.1 or later.
Which versions of GitLab are affected by CVE-2025-0290?
CVE-2025-0290 affects GitLab CE/EE versions 15.0 to 17.5.5, 17.6 to 17.6.3, and 17.7 to 17.7.1.
What component of GitLab is impacted by CVE-2025-0290?
CVE-2025-0290 impacts the processing of CI artifacts metadata within GitLab.
When was CVE-2025-0290 disclosed?
CVE-2025-0290 was identified in GitLab's versions released prior to the patches in early 2025.
- agent/remedy
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/type
- agent/references
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/source
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab community edition