CVE-2025-8279
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-08-11
Assigner: GitLab Inc.
Description
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | language_server | From 7.6.0 (inc) to 7.30.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to insufficient input validation in GitLab Language Server versions 7.6.0 up to but not including 7.30.0, which allows an attacker to execute arbitrary GraphQL queries.
How can this vulnerability impact me?
An attacker could exploit this vulnerability to execute arbitrary GraphQL queries, potentially leading to high impact on confidentiality and integrity of data, as indicated by the CVSS score. This could result in unauthorized access to sensitive information or manipulation of data.