CVE-2025-0290
Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.03%
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.
How to fix CVE-2025-0290
To remediate CVE-2025-0290, upgrade the affected package to a fixed version below.
- Upgrade to 17.6.4 or later
Is CVE-2025-0290 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 15.0.0, < 17.6.4; >= 17.7.0, < 17.7.2; >= 17.8.0, < 17.8.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |