VYPR
Unrated severityNVD Advisory· Published Nov 15, 2025· Updated Nov 17, 2025

Insertion of Sensitive Information Into Sent Data in GitLab

CVE-2025-2615

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

55

Patches

Vulnerability mechanics

References

3

News mentions

1