VYPR
Unrated severity · OSV Advisory · Published Jan 9, 2026 · Updated Jan 9, 2026

Missing Authorization in GitLab

CVE-2025-13781

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations.

Affected products

3
  • GitLab Inc./GitLab · OSV · 2 versions
    v18.5.0-ee, v18.6.0-ee, v18.7.0-ee + 1 more
    • (no CPE) range: v18.5.0-ee, v18.6.0-ee, v18.7.0-ee
    • (no CPE) range: >= 18.5, < 18.5.5; >= 18.6, < 18.6.3; >= 18.7, < 18.7.1
  • osv-coords
    Range: >= 18.5.0, < 18.5.5