CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-2045: Incorrect Authorization in GitLab

4.3 CVSS

Description

Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.

Classification

CVE ID: CVE-2025-2045

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-863: Incorrect Authorization

Affected Products

Vendor: GitLab

Product: GitLab

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.43% (scored less or equal to compared to others)

EPSS Date: 2025-04-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2045
https://gitlab.com/gitlab-org/gitlab/-/issues/512050
https://hackerone.com/reports/2921111

Timeline

2025-03-06 13:40:11 UTC
CVE

Incorrect Authorization in GitLab