Vulnerability Details CVE-2025-4972
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.6%
CVSS Severity
CVSS v3 Score 2.7
References
Products affected by CVE-2025-4972
-
cpe:2.3:a:gitlab:gitlab:18.0.0
-
cpe:2.3:a:gitlab:gitlab:18.0.1
-
cpe:2.3:a:gitlab:gitlab:18.0.2
-
cpe:2.3:a:gitlab:gitlab:18.0.3
-
cpe:2.3:a:gitlab:gitlab:18.1.0
-
cpe:2.3:a:gitlab:gitlab:18.1.1