CVE-2025-11340: 
GitLab vulnerability analysis and mitigation

GitLab has identified and remediated a high-severity vulnerability (CVE-2025-11340) affecting GitLab Enterprise Edition (EE). The vulnerability affects all versions from 18.3 to 18.3.4 and 18.4 to 18.4.2. Under certain conditions, this flaw could allow authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations (GitLab Release, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.7 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N. The issue is classified under CWE-863 (Incorrect Authorization) and specifically involves incorrectly scoped GraphQL mutations that could be exploited to bypass intended access controls (GitLab Release, NVD).

The vulnerability allows authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records, potentially compromising the integrity of vulnerability management systems within affected GitLab installations (GitLab Release).

GitLab has released patches in versions 18.4.2, 18.3.4, and 18.2.8. Organizations running affected versions are strongly recommended to upgrade to these patched versions immediately. GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take any action (GitLab Release).

The security community has noted this as one of multiple high-severity vulnerabilities addressed in GitLab's latest security update, with particular attention given to its potential impact on enterprise environments (GBHackers).