Unauthorized Access Vulnerability in GitLab CE/EE by GitLab
CVE-2025-0765

4.3MEDIUM

Key Information:

Vendor

Gitlab
Status
Gitlab
Vendor
CVE Published:
24 July 2025

What is CVE-2025-0765?

A security issue in GitLab CE/EE has been identified, allowing unauthorized users to potentially access custom service desk email addresses. This could result in data exposure and privacy concerns for users and organizations utilizing affected versions. The vulnerability impacts all releases from 17.9 before 18.0.5, as well as 18.1 before 18.1.3 and 18.2 before 18.2.1. Users are urged to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

GitLab 17.9 < 18.0.5

GitLab 18.1 < 18.1.3

GitLab 18.2 < 18.2.1

References

https://gitlab.com/gitlab-org/gitlab/-/issues/515381
issue-trackingpermissions-required
https://hackerone.com/reports/2956315
technical-descriptionexploitpermissions-required

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [iamgk808](https://hackerone.com/iamgk808) for reporting this vulnerability through our HackerOne bug bounty program
.
CVE-2025-0765 : Unauthorized Access Vulnerability in GitLab CE/EE by GitLab