Home > Vulnerability Database > CVE-2025-2045

Mend.io Vulnerability Database

CVE-2025-2045

Date: March 6, 2025

Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.

Severity Score

4.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-2045

Url: https://hackerone.com/reports/2921111

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/512050

Url: https://www.mend.io/vulnerability-database/CVE-2025-2045

Severity Score

4.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-2045

Date: March 6, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?