Information Disclosure Vulnerability in GitLab EE
CVE-2025-11247

4.3MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-11247?

GitLab EE has a vulnerability that allows authenticated users to exploit poorly configured GraphQL queries, potentially leading to unauthorized disclosure of sensitive information from private projects. This affects a wide range of GitLab EE versions, enabling attackers to gain insight into data that should remain confidential, emphasizing the importance of proper access controls and code auditing.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GitLab 13.2 < 18.4.6

GitLab 18.5 < 18.5.4

GitLab 18.6 < 18.6.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/573766

issue-trackingpermissions-required

https://hackerone.com/reports/3307422

technical-descriptionexploitpermissions-required

https://about.gitlab.com/releases/2025/12/10/patch-releas...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Oct 2, 2025

Credit

Thanks [weasterhacker](https://hackerone.com/weasterhacker) for reporting this vulnerability through our HackerOne bug bounty program

JSON

Gitlab