GitLab · GitLab CE/EE · CVE-2025-11340
**Name of the Vulnerable Software and Affected Versions**
GitLab EE versions 18.3 through 18.3.4
GitLab EE versions 18.4 through 18.4.2
**Description**
An authorization issue exists in the GitLab EE GraphQL API. Certain GraphQL mutations were incorrectly scoped, so an authenticated user holding a read-only API token could, under certain conditions, invoke them and perform write operations on vulnerability records that the token should not permit. The impact is unauthorized modification of vulnerability data by a token that was expected to grant read access only. The advisory does not identify the specific mutations or the conditions involved, and only Enterprise Edition versions are listed as affected.
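The bug class described above, as an added illustration that is not GitLab's code: a GraphQL-style dispatcher that authenticates the caller but never ties mutations to a write-capable token scope, shown next to a hardened dispatcher that derives the required scope from the operation kind so no individual resolver can forget the check. The scope names `api` and `read_api` mirror GitLab's personal access token scopes; the records, tokens and operation names (`vulnerability`, `dismissVulnerability`) are constructed for the example and do not identify the mutations affected by this CVE.

```python
"""Added illustration of the bug class in CVE-2025-11340: a GraphQL-style API
whose dispatcher authenticates the caller but does not tie mutations to a
write-capable token scope, so a read-only token can reach a write resolver.

This is not GitLab code. The scope names 'api' and 'read_api' mirror GitLab's
personal access token scopes; the records, tokens and operation names are
constructed for the example and do not identify the affected mutations.
"""
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised for a missing or invalid token, or a token lacking the needed scope."""


@dataclass(frozen=True)
class Token:
    owner: str
    scopes: frozenset


# Constructed in-memory data: two vulnerability records and two tokens.
VULNERABILITIES = {
    "vuln-1": {"state": "detected"},
    "vuln-2": {"state": "confirmed"},
}
TOKENS = {
    "glpat-full": Token("alice", frozenset({"api"})),   # read and write
    "glpat-ro": Token("bob", frozenset({"read_api"})),  # read only
}


def authenticate(token_value: str) -> Token:
    token = TOKENS.get(token_value)
    if token is None:
        raise AuthorizationError("invalid token")
    return token


# Resolvers do the work and deliberately contain no scope check of their own,
# so the check lives in exactly one place and no resolver can forget it.
def resolve_vulnerability(vuln_id: str) -> dict:
    return dict(VULNERABILITIES[vuln_id])


def resolve_dismiss_vulnerability(vuln_id: str) -> dict:
    VULNERABILITIES[vuln_id]["state"] = "dismissed"
    return dict(VULNERABILITIES[vuln_id])


# Every operation is registered with its kind (query or mutation); the fixed
# dispatcher derives the required scope from the kind.
OPERATIONS = {
    "vulnerability": ("query", resolve_vulnerability),
    "dismissVulnerability": ("mutation", resolve_dismiss_vulnerability),
}

# Hypothetical policy: queries accept either scope, mutations need 'api'.
ALLOWED_SCOPES = {
    "query": frozenset({"api", "read_api"}),
    "mutation": frozenset({"api"}),
}


def execute_vulnerable(token_value: str, operation: str, **args) -> dict:
    """Flawed dispatcher: any authenticated token may run any operation."""
    authenticate(token_value)
    _, resolver = OPERATIONS[operation]
    return resolver(**args)


def execute_fixed(token_value: str, operation: str, **args) -> dict:
    """Hardened dispatcher: the token must hold a scope allowed for the kind."""
    token = authenticate(token_value)
    kind, resolver = OPERATIONS[operation]
    if not token.scopes & ALLOWED_SCOPES[kind]:
        raise AuthorizationError(
            f"{kind} '{operation}' requires one of {sorted(ALLOWED_SCOPES[kind])}"
        )
    return resolver(**args)


def readonly_token_can_write(execute) -> bool:
    """Probe: True if the read-only token succeeds at a mutation.
    Restores the record afterwards so the probe is repeatable."""
    before = VULNERABILITIES["vuln-1"]["state"]
    try:
        execute("glpat-ro", "dismissVulnerability", vuln_id="vuln-1")
        return True
    except AuthorizationError:
        return False
    finally:
        VULNERABILITIES["vuln-1"]["state"] = before


if __name__ == "__main__":
    print("vulnerable dispatcher, read-only token can write:",
          readonly_token_can_write(execute_vulnerable))
    print("fixed dispatcher, read-only token can write:",
          readonly_token_can_write(execute_fixed))
```

The design point is that the scope requirement is attached to the operation kind in the dispatcher rather than re-implemented in each resolver; a per-resolver check is exactly the kind that one mutation can be registered without. The `readonly_token_can_write` probe is the shape of check to run against any dispatcher change, with a real instance test issuing the same kind of request using a `read_api` token and expecting an authorization error.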
**Recommendations**
Update GitLab EE instances running 18.3 through 18.3.4, or 18.4 through 18.4.2, to a newer, fixed release of the corresponding series.
Until the update is applied, treat read-only API tokens (GitLab's `read_api` scope) on affected instances as potentially able to modify vulnerability records, and review recent changes to vulnerability data that cannot be attributed to a token with write access.