Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-0765
CVE-2025-0765:
GitLab vulnerability analysis and mitigation
Overview
CVE-2025-0765 is a security vulnerability discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1. The vulnerability was disclosed on July 24, 2025, and allows unauthorized users to access custom service desk email addresses (GitLab Release, NVD).
Technical details
The vulnerability is classified with a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. It is categorized under CWE-863 (Incorrect Authorization), indicating an authorization-related security flaw (NVD, GitLab Release).
Impact
The vulnerability could allow unauthorized users to access custom service desk email addresses, potentially exposing sensitive communication channels (GitLab Release).
Mitigation and workarounds
GitLab has released patches to address this vulnerability in versions 18.0.5, 18.1.3, and 18.2.1. Users are strongly recommended to upgrade to these patched versions immediately. GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take action (GitLab Release).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management