What is CVE-2025-1198?

A medium-severity vulnerability has been identified in GitLab affecting multiple versions. This vulnerability allows revoked Personal Access Tokens to access streaming results, posing a potential risk to data integrity. Organizations should address this issue promptly to mitigate risks associated with unauthorized access.

What is the severity of CVE-2025-1198?

CVE-2025-1198 has a severity rating of MEDIUM with a CVSS base score of 4.2.

CVE-2025-1198 | Medium Vulnerability in GitLab

An issue discovered in GitLab CE/EE affects all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. This vulnerability allows long-lived connections in ActionCable to potentially permit revoked Personal Access Tokens access to streaming results. The CVSS score for this vulnerability is 4.2, categorizing it as medium severity.

Risk to organizations includes unauthorized access to sensitive streaming data due to the misuse of revoked tokens. Given the potential implications of this vulnerability, organizations should prioritize patching immediately.

As of now, there are no public exploits confirmed. However, the potential for exploitation exists, and organizations should remain vigilant. It is crucial to ensure that all GitLab installations are updated to mitigate this risk.

The vulnerability was published on February 13, 2025, and has undergone analysis to determine its impact. Organizations using affected versions should implement remediation strategies promptly.

Vulnerability Details

The vulnerability allows long-lived connections in ActionCable to access streaming results using revoked Personal Access Tokens. This situation arises from improper handling of token revocation. The CVSS score of 4.2 indicates a medium severity level, reflecting a moderate risk of exploitation.

The affected products include GitLab CE/EE across multiple versions. Organizations should refer to the official GitLab documentation for guidance on remediation.

Technical Analysis

The root cause of this vulnerability relates to the handling of Personal Access Tokens in long-lived connections. Attackers may leverage this flaw to gain unauthorized access to streaming data, given that the complexity of exploitation is high and requires low privileges.

The attack vector is primarily network-based, with no user interaction required. Confidentiality and integrity impacts are classified as low, while availability is not affected.

Risk & Impact Analysis

Organizations using affected versions of GitLab could face significant risks if unauthorized access to sensitive streaming data occurs. The potential blast radius includes compromised data integrity, leading to trust issues with users and stakeholders.

Given the medium severity score, organizations should address this vulnerability in their priority patch cycle. Continuous monitoring and assessment of access controls are recommended to mitigate risks associated with this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of GitLab include all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. Organizations should ensure they are on the latest version to prevent exploitation.

Mitigation & Remediation

Organizations should prioritize patching GitLab installations to version 17.6.5, 17.7.4, or 17.8.2 or later. In addition to applying patches, organizations can benefit from implementing robust monitoring controls and reviewing access management policies.

For effective remediation, organizations should consider conducting a security assessment using application security assessment to identify any other potential vulnerabilities.

Detection Guidance

Monitoring logs for unauthorized access attempts and unusual activity patterns is essential. Organizations should look for indicators such as revoked token usage in connection logs and any anomalies in streaming data access.

AppSecure Threat Intelligence Insight

The significance of CVE-2025-1198 lies in its impact on GitLab's handling of Personal Access Tokens. This vulnerability highlights the importance of secure token management practices. Organizations are encouraged to adopt a proactive stance on security by regularly updating systems and monitoring for potential vulnerabilities.

Security teams should also consider implementing continuous security testing methodologies, such as continuous penetration testing, to ensure vulnerabilities are identified and remediated in a timely manner.

Furthermore, this incident underscores the necessity for organizations to develop a robust vulnerability management program that can adapt to emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1198: Medium Vulnerability in GitLab