Sensitive Token Exposure in GitLab Community and Enterprise Editions
CVE-2025-13611
2 LOW
What is CVE-2025-13611?
A security issue has been identified in GitLab CE/EE that could lead to the exposure of sensitive tokens. This vulnerability affects all versions from 13.2 up to but not including 18.4.5, as well as versions 18.5 before 18.5.3 and 18.6 before 18.6.1. Authenticated users who have access to specific logs may be able to exploit this vulnerability under certain conditions, allowing them to retrieve confidential tokens. Organizations using the affected versions should update to the latest releases to mitigate the risk.
Affected Version(s)
GitLab 13.2 < 18.4.5
GitLab 18.5 < 18.5.3
GitLab 18.6 < 18.6.1
CVSS V3.1
Score: 2
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved