Vulnerability DatabaseCVE-2025-0605

CVE-2025-0605:
GitLab vulnerability analysis and mitigation

Overview

A security vulnerability (CVE-2025-0605) was discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The vulnerability relates to group access controls that could potentially allow certain users to bypass two-factor authentication requirements (GitLab Patch, CVE Details).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N. The weakness has been categorized as CWE-1390 (Weak Authentication) (NVD).

Impact

The vulnerability could allow authenticated users with certain permissions to bypass two-factor authentication requirements, potentially compromising the security of affected GitLab installations (GitLab Patch).

Mitigation and workarounds

GitLab has released patches in versions 17.10.7, 17.11.3, and 18.0.1 to address this vulnerability. It is strongly recommended that all affected installations be upgraded to the latest version immediately. GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take action (GitLab Patch).