IP Access Bypass Vulnerability in GitLab CE/EE Products
CVE-2025-1278

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-1278?

A vulnerability in GitLab CE/EE has been identified, allowing users to bypass IP access restrictions under specific conditions, thus exposing sensitive information. This issue affects multiple versions, compromising the security measures intended to protect user data. It is crucial for users to apply necessary updates to safeguard their systems.

Affected Version(s)

GitLab 12.0 < 17.9.8

GitLab 17.10 < 17.10.6

GitLab 17.11 < 17.11.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/519580

issue-trackingpermissions-required

https://hackerone.com/reports/2977149

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Feb 13, 2025

Credit

Thanks [iamgk808](https://hackerone.com/iamgk808) for reporting this vulnerability through our HackerOne bug bounty program

Gitlab

What is CVE-2025-1278?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit