VYPR
Unrated severityOSV Advisory· Published Jan 9, 2026· Updated Jan 9, 2026

Exposure of Private Personal Information to an Unauthorized Actor in GitLab

CVE-2025-3950

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

32

Patches

Vulnerability mechanics

References

3

News mentions

1