CNNVD-202509-4122 Information

Sep 26, 2025 cve

CNNVD ID

CNNVD-202509-4122

CVE-2025-7691

CNNVD Published: 2025-09-26

Description (Chinese)

GitLab Enterprise Edition（EE）是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition 16.6版本至18.2.7之前版本、18.3版本至18.3.3之前版本和18.4版本至18.4.1之前版本存在安全漏洞，该漏洞源于特定组管理权限的开发者可能提升权限，导致未经授权访问额外系统功能。

Description (English)

GitLab Enterprise Edition (EE) is a content management system for GitLab in the United States. There is a security loophole between Gitlab Enterprise 16.6 and 18.2.7, 18.3 to 18.3.3 and 18.4 to 18.4.1, which stems from the possibility that developers of specific group management privileges may increase their access to additional system functionality without authorization.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Gitea

Published

2025-09-26

Last Modified

2026-02-24

References

https://hackerone.com/reports/3200469 https://gitlab.com/gitlab-org/gitlab/-/issues/555786 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-26-09-2025-48317 https://access.redhat.com/security/cve/cve-2025-7691

Patch

https://about.gitlab.com/

Share on: