Incorrect Authorization in GitLab_CVE-2025-11971

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits.

Basic Information

ID CVE-2025-11971

Source GitLab

Published Oct 27, 2025 at 00:05

Affected Product

Vendor GitLab

Product GitLab

Version 10.6

Affected Versions GitLab GitLab 10.6
GitLab GitLab 18.4
GitLab GitLab 18.5

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits.",
    "published": "2025-10-27T00:05:34.305Z",
    "modified": "2025-10-27T00:05:34.305Z",
    "type": "cve",
    "title": "Incorrect Authorization in GitLab",
    "source": "GitLab",
    "references": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/566587",
    "id": "CVE-2025-11971",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 10.6\nGitLab GitLab 18.4\nGitLab GitLab 18.5",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "10.6",
    "vendor": "GitLab",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}