CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-5195: Authorization Bypass Through User-Controlled Key in GitLab

4.3 CVSS

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

Classification

CVE ID: CVE-2025-5195

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-639: Authorization Bypass Through User-Controlled Key

Affected Products

Vendor: GitLab

Product: GitLab

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.28% (scored less or equal to compared to others)

EPSS Date: 2025-06-19 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5195
https://gitlab.com/gitlab-org/gitlab/-/issues/534960

Timeline

2025-06-12 11:40:17 UTC
CVE

Authorization Bypass Through User-Controlled Key in GitLab