CVE-2025-5195

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/534960	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:18.0.0::::community:::
	cpe:2.3:a:gitlab:gitlab:18.0.0::::enterprise:::

History

No history.

Information

Published : 2025-06-12 11:15

Updated : 2025-08-08 18:21

NVD link : CVE-2025-5195

Mitre link : CVE-2025-5195

CVE.ORG link : CVE-2025-5195

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-5195", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-06-12T11:15:19.647", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/534960", "tags": ["Exploit", "Issue Tracking"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure."}, {"lang": "es", "value": "Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones (desde la 17.9 hasta la 17.10.7), la 17.11 hasta la 17.11.3 y la 18.0 hasta la 18.0.1. Los usuarios autenticados pod\u00edan acceder a frameworks de cumplimiento arbitrarios, lo que provocaba la divulgaci\u00f3n no autorizada de datos."}], "lastModified": "2025-08-08T18:21:19.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C7A341DC-6679-4B9F-87FC-18CE5ACB0E44", "versionEndExcluding": "17.10.7", "versionStartIncluding": "17.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "FE404772-0AE4-43C4-87A0-2486808CD6F9", "versionEndExcluding": "17.10.7", "versionStartIncluding": "17.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "194F7832-AEB6-4CD4-8CA8-81D8BF1666C9", "versionEndExcluding": "17.11.3", "versionStartIncluding": "17.11.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "85308EBB-8AB6-4344-9944-D124878DA138", "versionEndExcluding": "17.11.3", "versionStartIncluding": "17.11.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F28C32-4C21-4EE4-985C-34BD8C9FE300"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "52187A72-1412-48DE-90DD-2948630CFC19"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}