CVE-2025-10871

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.6 through 18.2.7 GitLab EE versions 18.3 through 18.3.3 GitLab EE versions 18.4 through 18.4.1 sudo (affected versions not specified)

Description A security issue exists in GitLab EE where Project Maintainers can assign custom roles to users, potentially granting themselves elevated privileges beyond their authorized access level. In sudo on OracleLinux 7, a heap overflow can lead to local privilege escalation to root via exploitation of the -s flag.

Recommendations Update GitLab EE to version 18.2.8 or later. Update GitLab EE to version 18.3.4 or later. Update GitLab EE to version 18.4.2 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability.