PT-2025-25366 · Gitlab · Gitlab Ce/Ee

Published

2025-06-11

Updated

2025-08-12

CVE-2025-5121

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GitLab Enterprise Edition (EE) (affected versions not specified)

Description The issue is related to insufficient authorization procedures in the GitLab Enterprise Edition platform, which can be exploited by a remote attacker to gain read and modify access to data. It has been noted that a missing authorization flaw permitted attackers to inject malicious jobs into future pipelines, risking unauthorized code execution, but this required authenticated access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

BDU:2025-06828

BIT-GITLAB-2025-5121

CVE-2025-5121

Affected Products

Gitlab Ce/Ee

PT-2025-25366 · Gitlab · Gitlab Ce/Ee

CVE-2025-5121

Weakness Enumeration

Related Identifiers

Affected Products

References · 22