Severity
Medium
Analysis Summary
CVE-2024-12244 (CVSS 4.3)
GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by missing authorization.
CVE-2025-0639 (CVSS 6.5)
GitLab is vulnerable to a denial of service, caused by allocation of resources without limits or throttling in issue preview.
CVE-2025-1908 (CVSS 7.7)
GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by Network Error Logging (NEL) header injection in the Maven dependency proxy, which allows browser activity monitoring.
Impact
- Denial of Service
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-12244
- CVE-2025-0639
- CVE-2025-1908
Affected Vendors
- GitLab
Affected Products
- GitLab - 17.9.6
- GitLab - 17.10.4
- GitLab - 17.11
Remediation
Upgrade to the latest version of GitLab, available from the GitLab website.
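The following is an added example, not part of the advisory and not GitLab's own tooling, for an administrator who wants to confirm whether a running instance reports one of the versions listed above. It parses a GitLab version string (including the `-ee`/`-ce` edition suffix GitLab appends) and compares it against the "Affected Products" list exactly as the page gives it; the entry `17.11` has no patch component, and the check assumes it means `17.11.0`. The sample API response is constructed here, modelled on the `{"version": ..., "revision": ...}` shape returned by GitLab's `GET /api/v4/version` endpoint, which requires an authenticated token.

```python
"""Compare a GitLab version against the versions this advisory lists."""
import json
import re
import sys
from typing import Optional, Tuple

# Versions copied verbatim from the advisory's "Affected Products" section.
AFFECTED_VERSIONS = ("17.9.6", "17.10.4", "17.11")

# MAJOR.MINOR[.PATCH], followed by anything (e.g. "-ee", "-ce", build metadata).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

# Constructed sample body; the real endpoint is GET /api/v4/version with a
# PRIVATE-TOKEN header. Values here are placeholders, not real instance data.
SAMPLE_API_RESPONSE = '{"version": "17.10.4-ee", "revision": "0000000"}'


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'MAJOR.MINOR[.PATCH]' into a comparable tuple.

    A missing PATCH counts as 0 (assumption: '17.11' == '17.11.0'), and an
    edition suffix such as '-ee' is ignored. Returns None if unparseable.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_listed_version(version: str) -> bool:
    """True if the version matches one the advisory lists as affected."""
    parsed = parse_version(version)
    if parsed is None:
        return False
    return any(parse_version(v) == parsed for v in AFFECTED_VERSIONS)


def version_from_api_response(body: str) -> str:
    """Extract the 'version' field from a /api/v4/version JSON body."""
    data = json.loads(body)
    version = data.get("version")
    if not isinstance(version, str):
        raise ValueError("response has no string 'version' field")
    return version


def report(version: str) -> str:
    """Human-readable verdict for one version string."""
    if parse_version(version) is None:
        return f"{version}: could not parse version string"
    if is_listed_version(version):
        return f"{version}: listed in the advisory; upgrade per Remediation"
    return f"{version}: not among the listed versions"


if __name__ == "__main__":
    # Usage: python check_gitlab_version.py 17.11.0-ee
    # Without an argument, the constructed sample response is checked.
    if len(sys.argv) > 1:
        print(report(sys.argv[1]))
    else:
        print(report(version_from_api_response(SAMPLE_API_RESPONSE)))
```

The comparison is an exact match against the page's list, so a version absent from the list is reported as "not among the listed versions" rather than as safe; the advisory itself says only to upgrade to the latest release.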