PT-2025-41364 · Gitlab · Gitlab Ce/Ee

Brian Williams

Published

2025-10-08

Updated

2025-10-20

CVE-2025-11340

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.3 through 18.3.4 GitLab EE versions 18.4 through 18.4.2

Description An authorization issue exists in the GitLab EE GraphQL API. Incorrectly scoped GraphQL mutations could allow authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records under certain conditions. The issue allows for unauthorized modification of vulnerability data.

Recommendations Update GitLab EE from versions 18.3 through 18.3.4 to a newer, fixed version. Update GitLab EE from versions 18.4 through 18.4.2 to a newer, fixed version.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2025-14463

BIT-GITLAB-2025-11340

CVE-2025-11340

Affected Products

Gitlab Ce/Ee

PT-2025-41364 · Gitlab · Gitlab Ce/Ee

CVE-2025-11340

Weakness Enumeration

Related Identifiers

Affected Products

References · 18