CVE-2025-4972 Information

Description

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/543816 https://hackerone.com/reports/3148693