{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T03:20:10.650","vulnerabilities":[{"cve":{"id":"CVE-2025-1072","sourceIdentifier":"cve@gitlab.com","published":"2025-02-07T04:15:07.737","lastModified":"2025-08-06T20:11:21.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer."},{"lang":"es","value":"Se ha descubierto un problema de denegación de servicio (DoS) en GitLab CE/EE que afecta a todas las versiones a partir de la 7.14.1 anterior a la 17.3.7, la 17.4 anterior a la 17.4.4 y la 17.5 anterior a la 17.5.2. Una denegación de servicio podría ocurrir al importar contenido manipulado con fines malintencionados mediante el importador Fogbugz."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"7.14.1","versionEndExcluding":"17.3.7","matchCriteriaId":"F657868E-09FD-4220-B119-C306351A7A99"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"7.14.1","versionEndExcluding":"17.3.7","matchCriteriaId":"71A132B0-4D3F-4752-919C-C6B1E5714FDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"17.4.0","versionEndExcluding":"17.4.4","matchCriteriaId":"1F7F4C7C-334F-4015-AC25-74FCE4BAD311"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"17.5.0","versionEndExcluding":"17.5.2","matchCriteriaId":"34CDEED3-E7FB-4620-8E07-E4766F9B6593"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"17.5.0","versionEndExcluding":"17.5.2","matchCriteriaId":"DA99FF56-0441-464D-B369-CF72EF9EEDC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"17.7.0","versionEndExcluding":"17.7.3","matchCriteriaId":"BE3A08B9-AB93-4384-AC6F-479770F8F179"}]}]}],"references":[{"url":"https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#denial-of-service-by-importing-malicious-crafted-fogbugz-import-payload","source":"cve@gitlab.com","tags":["Release Notes"]},{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/463093","source":"cve@gitlab.com","tags":["Broken Link"]},{"url":"https://hackerone.com/reports/2504059","source":"cve@gitlab.com","tags":["Permissions Required"]}]}}]}