CVE-2025-2498

Medium

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2…

GitLab·CWE-1220·Published 2025-08-13

CVSS

4.3

EPSS

0.00

KEV

Exploits

cve.orgen

268 chars

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

NVDen

268 chars

NVDes

324 chars

Un control de acceso inadecuado en Gitlab EE que afecta a todas las versiones desde la 12.0 anterior a la 18.0.6, la 18.1 anterior a la 18.1.4 y la 18.2 anterior a la 18.2.2 que, bajo ciertas condiciones, podría haber permitido a los usuarios ver problemas asignados de grupos restringidos eludiendo las restricciones de IP.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	3.1	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N