CVE-2025-6168

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-6168
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6168.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-6168
Aliases
Published
2025-07-10T08:30:54.721Z
Modified
2026-04-10T05:32:40.634355Z
Severity
  • 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Incorrect Authorization in GitLab
Details

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.

Database specific 
{
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/6xxx/CVE-2025-6168.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
504fd9e5236e13d674e051c6b8a1e9892b371c58
Fixed
47fe1a97b4e6da353e1721a4c750b3fa0770d2e2
Database specific 
{
    "versions": [
        {
            "introduced": "18.0"
        },
        {
            "fixed": "18.0.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
e0f3b86408aa4e7f03b63ac9e7dba6de1df14e93
Fixed
cd9f1ac5ba97500e5e32be592fea3f81c9deb8d9
Database specific 
{
    "versions": [
        {
            "introduced": "18.1"
        },
        {
            "fixed": "18.1.2"
        }
    ]
}

Affected versions

v18.*
v18.0.0-ee
v18.1.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6168.json"