CVE-2025-2045

Summary

Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab17.7.0 < 17.7.6affected
GitLabGitLab17.8 < 17.8.4affected
GitLabGitLab17.9 < 17.9.1affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References