PT-2025-47050 · GitLab · GitLab CE/EE
| Published | 2025-11-12 |
| Updated | 2025-11-15 |
| CVE | CVE-2025-2615 |
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 16.7 through 18.3.6
GitLab CE/EE versions 18.4 through 18.4.4
GitLab CE/EE versions 18.5 through 18.5.2
Description
A flaw in GitLab CE/EE could allow a blocked user to access sensitive information by establishing GraphQL subscriptions over WebSocket connections.
Recommendations
Update GitLab CE/EE to a version after 18.3.6.
Update GitLab CE/EE to a version after 18.4.4.
Update GitLab CE/EE to a version after 18.5.2.
Affected Products
GitLab CE/EE