CNNVD-202509-4170 Information

Sep 26, 2025 cve

CNNVD ID

CNNVD-202509-4170

CVE-2025-10871

CNNVD Published: 2025-09-26

Description (Chinese)

GitLab Enterprise Edition（EE）是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition 16.6版本至18.2.7之前版本、18.3版本至18.3.3之前版本和18.4版本至18.4.1之前版本存在安全漏洞，该漏洞源于项目维护者可为用户分配超出自身权限的自定义角色，可能导致权限提升。

Description (English)

GitLab Enterprise Edition (EE) is a content management system for GitLab in the United States. There is a security gap between Gitlab Enterprise 16.6 and 18.2.7, 18.3 to 18.3.3, and 18.4 to 18.4.1, which arises from the fact that the project maintainer can assign to the user a self-defined role that exceeds its own privileges, which may lead to an increase in privileges.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-09-26

Last Modified

2026-02-24

References

https://gitlab.com/gitlab-org/gitlab/-/issues/569482 https://vigilance.fr/vulnerability/GitLab-CE-EE-multiple-vulnerabilities-dated-26-09-2025-48317 https://access.redhat.com/security/cve/cve-2025-10871

Patch

https://about.gitlab.com/

Share on: