CVE-2025-2045: Incorrect Authorization in GitLab
First published: Thu Mar 06 2025(Updated: )
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Enterprise Edition | >=17.7<17.7.6>=17.8<17.8.4>=17.9<17.9.1 |
Remedy
Upgrade to version 17.7.6, 17.8.4 or 17.9.1
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2045?
CVE-2025-2045 is considered a high severity vulnerability due to improper authorization that allows unauthorized access to sensitive project analytics data.
How do I fix CVE-2025-2045?
To fix CVE-2025-2045, upgrade GitLab EE to version 17.7.6, 17.8.4, or 17.9.1 or later.
What versions are affected by CVE-2025-2045?
CVE-2025-2045 affects GitLab EE versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1.
What type of data is exposed in CVE-2025-2045?
CVE-2025-2045 allows users with limited permissions to access potentially sensitive project analytics data.
Who is impacted by CVE-2025-2045?
Organizations using the affected versions of GitLab EE may be impacted by CVE-2025-2045 due to unauthorized access risks.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/type
- agent/title
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/source
- agent/tags
- agent/event
- vendor/gitlab
- canonical/gitlab enterprise edition