Unauthorized Data Disclosure Vulnerability in GitLab CE/EE
CVE-2025-5195

4.3MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-5195?

A vulnerability has been identified in GitLab CE/EE that enables authenticated users to exploit the system and gain unauthorized access to compliance frameworks. This may lead to potential data leakage, allowing misuse of sensitive information across the platform. The issue affects multiple versions and underscores the need for immediate action to secure any impacted deployments.

Affected Version(s)

GitLab 17.9 < 17.10.8

GitLab 17.11 < 17.11.4

GitLab 18.0 < 18.0.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/534960

issue-trackingpermissions-required

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
May 26, 2025

Credit

This vulnerability has been discovered internally by GitLab team.