CVE-2025-4972

EUVD-2025-20987
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
gitlabgitlab
18.0.0 ≤
𝑥
< 18.0.4
gitlabgitlab
18.1.0 ≤
𝑥
< 18.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gitlab.com/gitlab-org/gitlab/-/issues/543816
https://hackerone.com/reports/3148693