CVE-2025-5121

High CVSS 8.5

Overview

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.

CWE: CWE-862 Published: 2025-06-20T18:15:28.913

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.5 (HIGH)
Detected tags: misconfiguration (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags