Vulnerability Details CVE-2025-5195
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.3%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2025-5195
-
cpe:2.3:a:gitlab:gitlab:17.10.0
-
cpe:2.3:a:gitlab:gitlab:17.10.1
-
cpe:2.3:a:gitlab:gitlab:17.10.2
-
cpe:2.3:a:gitlab:gitlab:17.10.3
-
cpe:2.3:a:gitlab:gitlab:17.10.4
-
cpe:2.3:a:gitlab:gitlab:17.10.5
-
cpe:2.3:a:gitlab:gitlab:17.10.6
-
cpe:2.3:a:gitlab:gitlab:17.11.0
-
cpe:2.3:a:gitlab:gitlab:17.11.1
-
cpe:2.3:a:gitlab:gitlab:17.11.2
-
cpe:2.3:a:gitlab:gitlab:17.9.0
-
cpe:2.3:a:gitlab:gitlab:17.9.1
-
cpe:2.3:a:gitlab:gitlab:17.9.2
-
cpe:2.3:a:gitlab:gitlab:17.9.3
-
cpe:2.3:a:gitlab:gitlab:17.9.4
-
cpe:2.3:a:gitlab:gitlab:17.9.5
-
cpe:2.3:a:gitlab:gitlab:17.9.6
-
cpe:2.3:a:gitlab:gitlab:17.9.7
-
cpe:2.3:a:gitlab:gitlab:17.9.8
-
cpe:2.3:a:gitlab:gitlab:18.0.0