{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T18:29:57.887","vulnerabilities":[{"cve":{"id":"CVE-2025-1908","sourceIdentifier":"cve@gitlab.com","published":"2025-04-24T08:15:14.333","lastModified":"2025-08-08T16:54:22.630","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1."},{"lang":"es","value":"Se ha descubierto un problema en GitLab EE/CE que podría permitir a un atacante rastrear las actividades de navegación de los usuarios, lo que podría llevar al control total de la cuenta, afectando a todas las versiones desde la 16.6 hasta la 17.9.7, la 17.10 hasta la 17.10.5 y la 17.11 hasta la 17.11.1."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-840"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"16.6.0","versionEndExcluding":"17.9.7","matchCriteriaId":"24E20FB2-2D62-44D3-B33F-041B393073DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"16.6.0","versionEndExcluding":"17.9.7","matchCriteriaId":"9B9C18BF-5C6B-4F81-9F0E-13C61C98D4D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"17.10.0","versionEndExcluding":"17.10.5","matchCriteriaId":"C81D345F-13AE-4508-B4C6-60E361EADC00"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"17.10.0","versionEndExcluding":"17.10.5","matchCriteriaId":"CA1D8D06-9A39-43E9-A638-5C82A59C00B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:17.11.0:*:*:*:community:*:*:*","matchCriteriaId":"DC849E49-FBCD-4F20-BCFA-E28BC7FF640F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:17.11.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"D30C941F-4464-4E1A-AA49-624F451A9A4E"}]}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/523065","source":"cve@gitlab.com","tags":["Exploit","Issue Tracking"]},{"url":"https://hackerone.com/reports/3016623","source":"cve@gitlab.com","tags":["Permissions Required"]}]}}]}