CVE-2025-9958

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab14.10 < 18.2.7affected
GitLabGitLab18.3 < 18.3.3affected
GitLabGitLab18.4 < 18.4.1affected

Weaknesses

  • CWE-201: CWE-201: Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References