CVE-2025-5819 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-5819

Modified

More Info Official Page

Source-cve@gitlab.com

Published At-13 Aug, 2025 | 18:15

Updated At-29 Aug, 2025 | 17:15

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.0	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CPE Matches

>>gitlab>>Versions from 15.7.0(inclusive) to 17.11.6(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 15.7.0(inclusive) to 17.11.6(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

>>gitlab>>Versions from 18.0.0(inclusive) to 18.0.4(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 18.0.0(inclusive) to 18.0.4(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

>>gitlab>>Versions from 18.1.0(inclusive) to 18.1.2(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

>>gitlab>>Versions from 18.1.0(inclusive) to 18.1.2(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-732	Secondary	cve@gitlab.com

CWE ID: CWE-732

Type: Secondary

Source: cve@gitlab.com

References

Hyperlink	Source	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/548165	cve@gitlab.com	Broken Link
https://hackerone.com/reports/3137660	cve@gitlab.com	Permissions Required

Hyperlink: https://gitlab.com/gitlab-org/gitlab/-/issues/548165

Source: cve@gitlab.com

Resource:

Broken Link

Hyperlink: https://hackerone.com/reports/3137660

Source: cve@gitlab.com

Resource:

Permissions Required