CVE-2025-4972

LOW EPSS 23.4%

Published Jul 10, 202511mo ago · Modified Jun 17, 20261w ago

2.7 CVSS 3.1

Low

Published Jul 10, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

CVSS Details

Base Score

2.7

Exploitability

1.2

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality None

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

23.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization Authorization

Affected Products 2

Vendor	Product	Version	Range
gitlab	gitlab	*	≥18.0.0 – <18.0.4
gitlab	gitlab	*	≥18.1.0 – <18.1.2

References 2

gitlab.com https://gitlab.com/gitlab-org/gitlab/-/issues/543816

Broken Link
hackerone.com https://hackerone.com/reports/3148693

Permissions Required

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.