Access Control Vulnerability in GitLab EE Affecting Specific Versions
CVE-2025-8770

6.5 MEDIUM

Key Information:

Vendor: Gitlab

Status: Vendor

CVE Published: 13 August 2025

What is CVE-2025-8770?

A security issue has been identified in GitLab EE that affects various versions, enabling authenticated users with certain permissions to manipulate approval rule identifiers. This manipulation could lead to the bypassing of established merge request approval policies, potentially compromising the integrity of code contributions within the platform. Organizations using affected versions should prioritize applying the necessary patches to bolster their security posture.

Affected Version(s)

GitLab 18.0 < 18.0.6

GitLab 18.1 < 18.1.4

GitLab 18.2 < 18.2.2
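The three affected ranges above are easy to misread when an instance reports a version such as `18.1.3-ee`. The following is an added helper, not code from the advisory or from GitLab, that parses a GitLab version string and reports whether it falls inside one of the ranges listed for CVE-2025-8770 and which patch release closes it. The handling of an `-ee`/`-ce` edition suffix is an assumption about how GitLab reports its version; series not listed on this page are reported as not affected rather than guessed at.

```python
"""Check whether a GitLab EE version lies in a range affected by CVE-2025-8770.

Added example; the ranges below are copied from the advisory text
(18.0 < 18.0.6, 18.1 < 18.1.4, 18.2 < 18.2.2).
"""
import re
from typing import Optional, Tuple

# Minor series -> first patch release that contains the fix.
# Any version in that series below the fixed patch is affected.
AFFECTED_RANGES = {
    (18, 0): (18, 0, 6),
    (18, 1): (18, 1, 4),
    (18, 2): (18, 2, 2),
}

# Assumption: GitLab reports versions as MAJOR.MINOR.PATCH with an
# optional "-ee" or "-ce" edition suffix (e.g. "18.1.3-ee").
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(ee|ce))?$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) for a GitLab version string."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return int(match.group(1)), int(match.group(2)), int(match.group(3))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the patch release that fixes this series, or None if the
    series is not listed in the advisory."""
    major, minor, _ = parse_version(version)
    fixed = AFFECTED_RANGES.get((major, minor))
    if fixed is None:
        return None
    return "{}.{}.{}".format(*fixed)


def is_affected(version: str) -> bool:
    """True if the version is in a listed series and below its fixed patch.

    Versions in series the advisory does not mention (e.g. 17.x or 18.3+)
    return False; this check only encodes what the advisory states.
    """
    parsed = parse_version(version)
    fixed = AFFECTED_RANGES.get(parsed[:2])
    if fixed is None:
        return False
    return parsed < fixed


if __name__ == "__main__":
    # Constructed sample inputs, not real instances.
    for sample in ("18.0.5-ee", "18.0.6-ee", "18.1.3", "18.2.2", "17.11.0"):
        status = "AFFECTED" if is_affected(sample) else "not affected"
        fix = fixed_version_for(sample) or "n/a"
        print(f"{sample:<10} {status:<13} fixed in: {fix}")
```

Feed it the value an instance reports for its own version; anything it flags as affected should be upgraded to the fixed patch release printed beside it.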

References

CVSS V3.1

Score: 6.5

Severity: MEDIUM

Confidentiality: None

Integrity: High

Availability: None

Attack Vector: Network

Attack Complexity: Low

Privileges Required: Low

User Interaction: None

Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This vulnerability has been discovered internally by GitLab team member [Dominic Bauer](https://gitlab.com/bauerdominic).