PT-2025-47052 · Gitlab · Gitlab Ce/Ee

Published

2025-11-12

Updated

2025-11-15

CVE-2025-7000

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.6 through 18.3.6 GitLab CE/EE versions 18.4 through 18.4.4 GitLab CE/EE versions 18.5 through 18.5.2

Description A flaw exists in GitLab CE/EE that, in certain situations, could allow unauthorized users to view confidential branch names. This is possible by accessing project issues that have associated merge requests.

Recommendations Update GitLab CE/EE to version 18.3.6 or later. Update GitLab CE/EE to version 18.4.4 or later. Update GitLab CE/EE to version 18.5.2 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-201

Related Identifiers

BDU:2025-14468

BIT-GITLAB-2025-7000

CVE-2025-7000

Affected Products

Gitlab Ce/Ee

PT-2025-47052 · Gitlab · Gitlab Ce/Ee

CVE-2025-7000

Weakness Enumeration

Related Identifiers

Affected Products

References · 10