CVE-2025-2242
March 27, 2025
An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects.
Affected Packages
https://gitlab.com/gitlab-org/gitlab.git (SCM_GIT):
Affected version(s) =v17.10.0-ee <v17.10.1-eeFix Suggestion:
Update to version v17.10.1-eehttps://gitlab.com/gitlab-org/gitlab.git (SCM_GIT):
Affected version(s) >=v17.9.0-ee <v17.9.3-eeFix Suggestion:
Update to version v17.9.3-eehttps://gitlab.com/gitlab-org/gitlab.git (SCM_GIT):
Affected version(s) >=v17.4.0-ee <v17.8.6-eeFix Suggestion:
Update to version v17.8.6-eeRelated ResourcesĀ (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Incorrect Authorization
EPSS
Base Score:
0.03
