Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2025-5846

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.

  • Published: Jun 26, 2025
  • Updated: Aug 13, 2025
  • CVE: CVE-2025-5846
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWEs:

Software From Fixed in
gitlab / gitlab 18.0.0 18.0.3
gitlab / gitlab 18.1.0 18.1.0.x
gitlab / gitlab 16.10.0 17.11.5