PT-2025-48180 · Gitlab · Gitlab Ce/Ee

Published

2025-11-26

Updated

2025-12-02

CVE-2025-12653

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.3 through 18.4.4 GitLab CE/EE versions 18.5 through 18.5.2 GitLab CE/EE versions 18.6 through 18.6.0

Description A flaw exists in GitLab CE/EE that, under specific conditions, could allow an unauthenticated user to join arbitrary organizations by manipulating headers within HTTP requests.

Recommendations Update GitLab CE/EE to version 18.4.5 or later. Update GitLab CE/EE to version 18.5.3 or later. Update GitLab CE/EE to version 18.6.1 or later.

Exploit

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

BDU:2025-16470

BIT-GITLAB-2025-12653

CVE-2025-12653

Affected Products

Gitlab Ce/Ee

PT-2025-48180 · Gitlab · Gitlab Ce/Ee

CVE-2025-12653

Weakness Enumeration

Related Identifiers

Affected Products

References · 11