CVE-2025-0549 – GitLab OAuth Bypass Vulnerability

May 9, 2025

CVE ID : CVE-2025-0549

Published : May 9, 2025, 5:15 p.m. | 2 hours, 23 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1278 – GitLab IP Access Bypass Vulnerability

Next Article CVE-2024-8973 – GitLab GitHub Import Denial of Service

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-0549 – GitLab OAuth Bypass Vulnerability

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

CVE-2025-48788 – Apache HTTP Server Credentials Disclosure

From Flow to Fabric: Connecting Power Automate to Microsoft Fabric

CVE-2025-5330 – FreeFloat FTP Server RETR Command Handler Buffer Overflow Vulnerability

More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24

Ahold Delhaize USA Confirms Data Stolen in 2024 Cyberattack

Build an AI assistant using Amazon Q Business with Amazon S3 clickable URLs

CVE-2025-7460 – TOTOLINK T6 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-7531 – Tenda FH1202 PPTP Remote Stack Buffer Overflow Vulnerability

CVE-2025-0549 – GitLab OAuth Bypass Vulnerability

Related Posts