CVE-2025-0652: Incorrect Authorization in GitLab
First published: Thu Mar 13 2025(Updated: )
An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=16.9<17.7.7>=17.8<17.8.5>=17.9<17.9.2 |
Remedy
Upgrade to versions 17.7.7, 17.8.5, 17.9.2.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0652?
CVE-2025-0652 is considered a critical vulnerability due to its potential to expose confidential information to unauthorized users.
How do I fix CVE-2025-0652?
To fix CVE-2025-0652, upgrade your GitLab EE/CE to version 17.8.5 or later, or to version 17.9.2 or later.
What versions are affected by CVE-2025-0652?
CVE-2025-0652 affects GitLab EE/CE versions from 16.9 to 17.7.7, from 17.8 to 17.8.5, and from 17.9 to 17.9.2.
What kind of information can be exposed by CVE-2025-0652?
CVE-2025-0652 allows unauthorized users to access confidential information intended for internal users only.
Is there a workaround for CVE-2025-0652?
There are no known workarounds for CVE-2025-0652; users must upgrade to a patched version to mitigate the risk.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/author
- agent/severity
- agent/tags
- agent/event
- vendor/gitlab
- canonical/gitlab