Unauthorized Access Vulnerability in GitLab EE/CE Affects Multiple Versions
CVE-2025-0652
Key Information:
Badges
What is CVE-2025-0652?
A vulnerability has been identified in GitLab EE/CE versions that allows unauthorized users to gain access to confidential information meant for internal use. This flaw affects various versions, enabling potential exposure of sensitive data, which could be detrimental to organizational security. It is critical for users to review their security settings and update to the latest versions to patch this vulnerability.
Affected Version(s)
GitLab 16.9 < 17.7.7
GitLab 17.8 < 17.8.5
GitLab 17.9 < 17.9.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved