CVE-2025-2615 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Websocket Connection insertion of sensitive information into sent data (Patch 526360)

Inserito da Angelo Barbosa | Nov 15, 2025 | CVE

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.3.5/18.4.3/18.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Websocket Connection Handler. The manipulation results in insertion of sensitive information into sent data.

This vulnerability is cataloged as CVE-2025-2615. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2025-2615 | GitLab Community Edition/Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Websocket Connection insertion of sensitive information into sent data (Patch 526360)

Post correlati

CVE-2023-38944 | Multilaser RE160V/RE163V 12.03.01.09_pt/12.03.01.10_pt Web Management Interface RouterCfm.cfg access control

CVE-2024-22855 | ITSS iMLog 1.307 User Maintenance Section Last Name cross site scripting (Exploit 52025 / EDB-52025)

CVE-2024-5047 | SourceCodester Student Management System 1.0 /student/controller.php photo unrestricted upload

CVE-2025-0848 | Tenda A18 up to 15.13.07.09 HTTP POST Request /goform/SetCmdlineRun wpapsk_crypto5g stack-based overflow