Vulnerability Details CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.1%
CVSS Severity
CVSS v3 Score 8.5
References
Products affected by CVE-2025-5121
-
cpe:2.3:a:gitlab:gitlab:17.11.0
-
cpe:2.3:a:gitlab:gitlab:17.11.1
-
cpe:2.3:a:gitlab:gitlab:17.11.2
-
cpe:2.3:a:gitlab:gitlab:17.11.3
-
cpe:2.3:a:gitlab:gitlab:18.0.0
-
cpe:2.3:a:gitlab:gitlab:18.0.1