Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 9, 2025

Incorrect Authorization in GitLab

CVE-2025-11340

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations.

Affected products

GitLab Inc./GitLabv52 versions
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 18.3
- (no CPE)range: 18.3 to 18.3.4, 18.4 to 18.4.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gitlab.com/gitlab-org/gitlab/-/issues/567847mitreissue-trackingpermissions-required
about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/mitre

News mentions

GitLab Patch Release: 18.4.2, 18.3.4, 18.2.8
GitLab Security Releases · Oct 8, 2025

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000