Authentication Flaw in GitLab CE/EE Exposes Datadog API Credentials
CVE-2025-12697

2.2LOW

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 11 March 2026

What is CVE-2025-12697?

GitLab has addressed a significant issue in GitLab CE/EE, where an authenticated user with maintainer-role permissions could potentially exploit specific conditions to reveal sensitive Datadog API credentials. This vulnerability impacts multiple versions and underscores the importance of proper access controls in managing user permissions to safeguard valuable API integrations and sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GitLab 15.5 < 18.7.6

GitLab 18.8 < 18.8.6

GitLab 18.9 < 18.9.2

References

https://hackerone.com/reports/3341953

technical-descriptionexploitpermissions-required

https://gitlab.com/gitlab-org/gitlab/-/work_items/579504

https://about.gitlab.com/releases/2026/03/11/patch-releas...

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2026
Vulnerability Reserved
Nov 4, 2025

Credit

Thanks [shells3c](https://hackerone.com/shells3c) for reporting this vulnerability through our HackerOne bug bounty program

JSON

Gitlab