CVE-2025-4972

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-4972

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4972.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4972

Aliases

BIT-gitlab-2025-4972

Published

2025-07-10T08:30:59.709Z

Modified

2026-04-10T05:29:03.152384Z

Severity

2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Incorrect Authorization in GitLab

Details

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

Database specific

{
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4972.json",
    "cna_assigner": "GitLab"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

504fd9e5236e13d674e051c6b8a1e9892b371c58

Fixed

47fe1a97b4e6da353e1721a4c750b3fa0770d2e2

Database specific

{
    "versions": [
        {
            "introduced": "18.0"
        },
        {
            "fixed": "18.0.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

e0f3b86408aa4e7f03b63ac9e7dba6de1df14e93

Fixed

cd9f1ac5ba97500e5e32be592fea3f81c9deb8d9

Database specific

{
    "versions": [
        {
            "introduced": "18.1"
        },
        {
            "fixed": "18.1.2"
        }
    ]
}

Affected versions

v18.*

v18.0.0-ee

v18.1.0-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4972.json"