CVE-2025-5195

Published: Jun 12, 2025Modified: Aug 8, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: cve@gitlab.com (Secondary)

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 17.11.0 to 17.11.3
Gitlab Gitlab	From 17.9.0 to 17.10.7
Gitlab Gitlab	From 17.11.0 to 17.11.3
Gitlab Gitlab	From 17.9.0 to 17.10.7
Gitlab Gitlab	Version 18.0.0
Gitlab Gitlab	Version 18.0.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://gitlab.com/gitlab-org/gitlab/-/issues/534960

Source: cve@gitlab.com

ExploitIssue Tracking

Timeline

No history available yet.