Authorization Check Issue in GitLab CE/EE
CVE-2025-5121

8.5 HIGH

Key Information:

Vendor: GitLab
Status: Vendor
CVE Published: 20 June 2025

Badges

📰 News Worthy

What is CVE-2025-5121?

CVE-2025-5121 is a missing authorization check in GitLab CE/EE. Because the check is absent, a low-privileged authenticated user could apply a compliance framework to a project outside the group the framework belongs to. That undermines the integrity of project compliance settings: a framework can be attached to projects it was never intended for, across group boundaries (which is why the CVSS vector records Scope: Changed). All 17.11 releases before 17.11.4 and all 18.0 releases before 18.0.2 are affected; administrators should upgrade to 17.11.4, 18.0.2, or later.
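The flaw is a missing authorization check, so a useful way to see it is a small model of the check that was absent. The following is an added example and not GitLab's code: it models compliance frameworks as owned by a group and projects as living in a group hierarchy, with a vulnerable variant that only checks the actor's role on the target project and a hardened variant that additionally requires the framework's owning group to be an ancestor of the project's group. All names, roles and the data layout are constructed assumptions for the demonstration.

```python
"""Illustrative model of the missing authorization check behind CVE-2025-5121.

Added example, not GitLab's code. Groups, projects, frameworks and users below
are constructed for the demonstration; the only thing taken from the advisory is
the rule being modelled: a compliance framework must only be applied to projects
inside the group hierarchy of the group that owns it.
"""
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    parent: "Group | None" = None  # None for a top-level namespace


@dataclass
class Project:
    name: str
    group: Group
    frameworks: set = field(default_factory=set)


@dataclass
class ComplianceFramework:
    name: str
    owner: Group  # the group that defines the framework


@dataclass
class User:
    name: str
    # names of groups in which the user holds a role allowed to assign frameworks
    maintainer_of: set = field(default_factory=set)


def ancestors(group):
    """Yield the group itself and every parent up to the top-level namespace."""
    while group is not None:
        yield group
        group = group.parent


def can_manage(user, project):
    """True if the user holds a managing role on the project's group or any ancestor."""
    return any(g.name in user.maintainer_of for g in ancestors(project.group))


def apply_framework_vulnerable(user, framework, project):
    """Vulnerable pattern: checks the actor's role on the target project only.
    It never verifies that the framework's owning group contains the project,
    so a framework can be applied to a project in a foreign group."""
    if not can_manage(user, project):
        return False
    project.frameworks.add(framework.name)
    return True


def apply_framework_fixed(user, framework, project):
    """Hardened pattern: the same role check, plus the missing ownership check.
    The framework's owner must be an ancestor (or the group itself) of the project."""
    if not can_manage(user, project):
        return False
    if framework.owner not in ancestors(project.group):
        return False
    project.frameworks.add(framework.name)
    return True


def demo():
    """Constructed scenario: a SOC2 framework owned by 'acme', a project inside acme
    and a project in an unrelated group; returns the outcome of each check."""
    acme = Group("acme")
    payments = Group("payments", parent=acme)
    other = Group("other-co")
    soc2 = ComplianceFramework("SOC2", owner=acme)
    ledger = Project("ledger", group=payments)
    website = Project("website", group=other)
    alice = User("alice", maintainer_of={"acme"})          # legitimate acme maintainer
    mallory = User("mallory", maintainer_of={"other-co"})  # has a role only in other-co
    return {
        "vulnerable_cross_group": apply_framework_vulnerable(mallory, soc2, website),
        "fixed_cross_group": apply_framework_fixed(mallory, soc2, website),
        "fixed_in_group": apply_framework_fixed(alice, soc2, ledger),
        "fixed_no_role": apply_framework_fixed(mallory, soc2, ledger),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {'applied' if outcome else 'denied'}")
```

The vulnerable variant lets mallory, who only has a role in other-co, attach acme's framework to a project in other-co; the hardened variant denies that while still allowing alice to apply the framework within acme's hierarchy. The lesson generalises: an authorization check must cover every object a request names, not just the one the URL points at.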

Affected Version(s)

GitLab 17.11.x before 17.11.4

GitLab 18.0.x before 18.0.2
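To check an instance against the ranges above, here is an added example (not GitLab's own tooling): it parses the version string reported by `gitlab-rake gitlab:env:info` or `GET /api/v4/version` and compares it with the two affected branches listed on this page. It knows only those two branches; a version on any other branch is reported as not matching a listed range, which is not the same as a statement that it is safe.

```python
"""Affected-version check for CVE-2025-5121.

Added example; the ranges are the two branches listed on this page. Assumes
GitLab version strings of the form MAJOR.MINOR.PATCH, optionally followed by a
suffix such as "-ee", as printed by `gitlab-rake gitlab:env:info` or returned by
GET /api/v4/version.
"""
import re

# (first affected, first fixed) per release branch, taken from the advisory text
AFFECTED_RANGES = [
    ((17, 11, 0), (17, 11, 4)),
    ((18, 0, 0), (18, 0, 2)),
]


def parse_version(text):
    """Return (major, minor, patch) from a GitLab version string such as '18.0.1-ee'."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def fixed_release(text):
    """Return the first fixed release on the instance's branch if the version falls
    in an affected range, otherwise None."""
    v = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(text):
    """True if the version lies in one of the affected ranges listed on this page."""
    return fixed_release(text) is not None


if __name__ == "__main__":
    # constructed sample versions, not from any real instance
    for sample in ("17.11.3-ee", "17.11.4-ee", "18.0.1", "18.0.2", "17.10.7"):
        target = fixed_release(sample)
        print(f"{sample}: {'upgrade to ' + target if target else 'not in a listed range'}")
```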

News Articles

GitLab patches high severity account takeover, missing auth issues

GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines.


CVSS v3.1

Score: 8.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability published

  • 📰 First article discovered by BleepingComputer

  • Vulnerability reserved

Credit

Thanks [jean_d-ou](https://hackerone.com/jean_d-ou) for reporting this vulnerability through our HackerOne bug bounty program.