CVE-2025-1042: 
GitLab vulnerability analysis and mitigation

An insecure direct object reference vulnerability was discovered in GitLab Enterprise Edition (EE) affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. The vulnerability was disclosed on February 12, 2025, and allows unauthorized access to repository contents (GitLab Release, NVD).

The vulnerability is classified as a low severity issue with a CVSS score of 2.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). The issue specifically allows users with custom permissions to view contents of a repository even when such access should not be authorized (GitLab Release).

The vulnerability enables unauthorized viewing of repository contents, potentially exposing sensitive code or data to users who should not have access. This primarily affects organizations using GitLab Enterprise Edition with custom permission configurations (Security Online).

GitLab has released patches in versions 17.6.5, 17.7.4, and 17.8.2. Organizations are strongly recommended to upgrade to these patched versions immediately. GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take any action (GitLab Release).