vulnerability

Gitlab Gitlab: CVE-2025-2498: Insufficient Granularity of Access Control

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:M/Au:S/C:P/I:N/A:N)	Aug 13, 2025	Sep 18, 2025	Sep 18, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:N/A:N)

Published

Aug 13, 2025

Added

Sep 18, 2025

Modified

Sep 18, 2025

Description

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-1220
CVE-2025-2498
https://attackerkb.com/topics/CVE-2025-2498
URL-https://gitlab.com/gitlab-org/gitlab/-/issues/525515
URL-https://hackerone.com/reports/3037722

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today