Home > Vulnerability Database > CVE-2025-2498

Mend.io Vulnerability Database

CVE-2025-2498

Good to know:

Date: August 13, 2025

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

Severity Score

3.1

Related Resources (4)

Url: https://hackerone.com/reports/3037722

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/525515

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-2498

Url: https://www.mend.io/vulnerability-database/CVE-2025-2498

Severity Score

3.1

Weakness Type (CWE)

Insufficient Granularity of Access Control

CWE-1220

Top Fix

Upgrade Version

Upgrade to version https://gitlab.com/gitlab-org/gitlab.git - v18.0.6-ee;https://gitlab.com/gitlab-org/gitlab.git - v18.1.4-ee;https://gitlab.com/gitlab-org/gitlab.git - v18.2.2-ee

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-2498

Good to know:

Date: August 13, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?