CVE-2025-11989

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/	Release Notes Vendor Advisory
https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:18.5.0::::enterprise:::

History

28 Oct 2025, 13:38

Type	Values Removed	Values Added
References	~~() https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ -~~	() https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ - Release Notes, Vendor Advisory
References	~~() https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426 -~~	() https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426 - Permissions Required
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:18.5.0::::enterprise:::
First Time		Gitlab Gitlab gitlab

27 Oct 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-27 00:15

Updated : 2025-10-28 13:38

NVD link : CVE-2025-11989

Mitre link : CVE-2025-11989

CVE.ORG link : CVE-2025-11989

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-11989", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2025-10-27T00:15:40.927", "references": [{"url": "https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/gitlab-org/security/gitlab/-/issues/1426", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions."}], "lastModified": "2025-10-28T13:38:41.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "090E4997-CCB2-48AC-9796-56FBE599958D", "versionEndExcluding": "18.3.5", "versionStartIncluding": "17.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "425AEB81-EA04-4702-99F8-B623614F6901", "versionEndExcluding": "18.4.3", "versionStartIncluding": "18.4.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.5.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CCF08EA3-6D3E-4388-BA9D-A992B771998F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}