Authorization Vulnerability in GitLab CE/EE by GitLab
CVE-2025-0362

6.4MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 10 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An authorization bypass vulnerability has been identified in GitLab CE/EE versions ranging from 7.7 to 17.10.3. This flaw arises under specific scenarios where an attacker could manipulate users into granting authorization for sensitive operations without their consent. This could lead to unintended actions being executed on behalf of the user, posing a significant security risk. Users and administrators are urged to apply patches and updates promptly to mitigate the potential for exploitation.

Affected Version(s)

GitLab 7.7 < 17.8.7

GitLab 17.9 < 17.9.6

GitLab 17.10 < 17.10.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-0362 - Proof of Concept

References

https://gitlab.com/gitlab-org/gitlab/-/issues/512425

issue-trackingpermissions-required

https://hackerone.com/reports/2926425

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Apr 10, 2025
👾
Exploit known to exist
Apr 10, 2025
Vulnerability published
Apr 10, 2025
Vulnerability Reserved
Jan 9, 2025

Credit

Thanks [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program