VYPR
Unrated severityNVD Advisory· Published Nov 21, 2025· Updated Nov 24, 2025

Missing Authorization in GitLab

CVE-2025-9825

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11

Patches

Vulnerability mechanics

References

3

News mentions

1
CVE-2025-9825 · VYPR