Unrated severityNVD Advisory· Published Aug 27, 2025· Updated Aug 27, 2025
Missing Authorization in GitLab
CVE-2025-2246
Description
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 0
- (no CPE)range: before 18.1.5, 18.2 before 18.2.5, 18.3 before 18.3.1
- osv-coords37 versionspkg:apk/chainguard/gitlab-docker-machine-18.1pkg:apk/chainguard/gitlab-docker-machine-18.2pkg:apk/chainguard/gitlab-docker-machine-fips-18.1pkg:apk/chainguard/gitlab-docker-machine-fips-18.2pkg:apk/chainguard/gitlab-runner-18.1pkg:apk/chainguard/gitlab-runner-18.2pkg:apk/chainguard/gitlab-runner-fips-18.1pkg:apk/chainguard/gitlab-runner-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-18.1pkg:apk/chainguard/gitlab-runner-helper-18.2pkg:apk/chainguard/gitlab-runner-helper-compat-18.1pkg:apk/chainguard/gitlab-runner-helper-compat-18.2pkg:apk/chainguard/gitlab-runner-helper-compat-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-compat-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-18.1pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-18.2pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-fips-18.2pkg:apk/chainguard/gitlab-runner-oci-entrypoint-18.1pkg:apk/chainguard/gitlab-runner-oci-entrypoint-18.2pkg:apk/chainguard/gitlab-runner-oci-entrypoint-fips-18.1pkg:apk/chainguard/gitlab-runner-oci-entrypoint-fips-18.2pkg:apk/wolfi/gitlab-docker-machine-18.1pkg:apk/wolfi/gitlab-docker-machine-18.2pkg:apk/wolfi/gitlab-runner-18.1pkg:apk/wolfi/gitlab-runner-18.2pkg:apk/wolfi/gitlab-runner-helper-18.1pkg:apk/wolfi/gitlab-runner-helper-18.2pkg:apk/wolfi/gitlab-runner-helper-compat-18.1pkg:apk/wolfi/gitlab-runner-helper-compat-18.2pkg:apk/wolfi/gitlab-runner-helper-oci-entrypoint-18.1pkg:apk/wolfi/gitlab-runner-helper-oci-entrypoint-18.2pkg:apk/wolfi/gitlab-runner-oci-entrypoint-18.1pkg:apk/wolfi/gitlab-runner-oci-entrypoint-18.2pkg:bitnami/gitlab
< 18.1.3-r1+ 36 more
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.5
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/3026559mitretechnical-descriptionexploitpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/524592mitreissue-trackingpermissions-required
News mentions
1- GitLab Patch Release: 18.3.1, 18.2.5, 18.1.5GitLab Security Releases · Aug 27, 2025