Privilege Escalation Vulnerability in GitLab EE by GitLab
CVE-2025-10871
3.8LOW
What is CVE-2025-10871?
A significant vulnerability has been identified in GitLab EE where Project Maintainers can exploit permission settings to assign custom roles to users, exceeding their granted permissions. This flaw enables unauthorized elevation of privileges, potentially compromising the security of user accounts and project integrity. Impacted versions range across multiple releases, requiring immediate attention and remediation by GitLab users.
Affected Version(s)
GitLab 16.6 < 18.2.7
GitLab 18.3 < 18.3.3
GitLab 18.4 < 18.4.1
References
CVSS V3.1
Score:
3.8
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This vulnerability was discovered internally by a GitLab team member, [Diane Russel](https://gitlab.com/dlrussel).