Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2025-2498

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

  • Published: Aug 13, 2025
  • Updated: Aug 16, 2025
  • CVE: CVE-2025-2498
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

Software From Fixed in
gitlab / gitlab 18.1.0 18.1.4
gitlab / gitlab 18.2.0 18.2.2
gitlab / gitlab 12.0.0 18.0.6