CVE-2025-11865

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-11865

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11865.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-11865

Aliases

BIT-gitlab-2025-11865

Downstream

UBUNTU-CVE-2025-11865

Published

2025-11-15T08:03:59.731Z

Modified

2025-11-21T09:49:02.074184Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Incorrect Authorization in GitLab

Details

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.

Database specific

{
    "cwe_ids": [
        "CWE-863"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

e0f3b86408aa4e7f03b63ac9e7dba6de1df14e93

Fixed

424c6d1f82a9a32df34d8059f2dadc30d356ff65

Database specific

{
    "versions": [
        {
            "introduced": "18.1"
        },
        {
            "fixed": "18.3.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

9255f56b45844196bb7657a9f1fde6aa65a5d08d

Fixed

e2798305dc3604e272e12a319a932e96c3540374

Database specific

{
    "versions": [
        {
            "introduced": "18.4"
        },
        {
            "fixed": "18.4.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

37cc4da7158316bb9b204cef9b056f16fff1df32

Fixed

cb961538ba8e451246e168e7bbd5b1e04f69102a

Database specific

{
    "versions": [
        {
            "introduced": "18.5"
        },
        {
            "fixed": "18.5.2"
        }
    ]
}

Affected versions

v18.*

v18.4.0-ee

v18.4.1-ee

v18.4.2-ee

v18.4.3-ee

v18.5.0-ee

v18.5.1-ee