ByteOS Network

NVD Vulnerability Details :

CVE-2025-2498

Analyzed

Source-cve@gitlab.com

Published At-13 Aug, 2025 | 18:15

Updated At-15 Aug, 2025 | 16:25

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CPE Matches

GitLab Inc.

>>gitlab>>Versions from 12.0.0(inclusive) to 18.0.6(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 18.1.0(inclusive) to 18.1.4(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 18.2.0(inclusive) to 18.2.2(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-1220	Primary	cve@gitlab.com

References

Hyperlink	Source	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/525515	cve@gitlab.com	Broken Link
https://hackerone.com/reports/3037722	cve@gitlab.com	Permissions Required

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History