CVE-2025-0673 – GitLab CE/EE Infinite Redirect Loop Vulnerability

June 12, 2025

CVE ID : CVE-2025-0673

Published : June 12, 2025, 11:15 a.m. | 2 hours, 44 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5195 – GitLab Compliance Framework Unauthorized Data Disclosure

Next Article CVE-2025-5996 – GitLab HTTP Response Denial of Service Vulnerability

Highlights

CVE-2025-38162 – Linux Kernel Netfilter NFT Set Pipapo Integer Overflow Vulnerability

July 3, 2025

CVE ID : CVE-2025-38162

Published : July 3, 2025, 9:15 a.m. | 2 hours, 14 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: prevent overflow in lookup table allocation

When calculating the lookup table size, ensure the following
multiplication does not overflow:

– desc->field_len[] maximum value is U8_MAX multiplied by
NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.
– NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case.
– sizeof(unsigned long), from sizeof(*f->lt), lt in
struct nft_pipapo_field.

Then, use check_mul_overflow() to multiply by bucket size and then use
check_add_overflow() to the alignment for avx2 (if needed). Finally, add
lt_size_check_overflow() helper and use it to consolidate this.

While at it, replace leftover allocation using the GFP_KERNEL to
GFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-0673 – GitLab CE/EE Infinite Redirect Loop Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-5912 – D-Link DIR-632 Remote Stack-Based Buffer Overflow Vulnerability

PowerToys Run adds Internet speed test, video downloader & more

CVE-2025-48205 – TYPO3 sr_feuser_register Insecure Direct Object Reference

CVE-2025-46577 – GoldenDB Database SQL Injection Vulnerability

CVE-2025-38162 – Linux Kernel Netfilter NFT Set Pipapo Integer Overflow Vulnerability

CVE-2025-46724 – Langroid TableChatAgent Code Injection Vulnerability

CVE-2025-49509 – Roland Beaussant Audio Editor & Recorder Missing Authorization Vulnerability

Broadcom waarschuwt voor actief misbruikt lek in Brocade Fabric OS

CVE-2025-0673 – GitLab CE/EE Infinite Redirect Loop Vulnerability

Related Posts