VDB
ANCHORE-2025-2615
ANCHORE-2025-2615
PUBLISHED
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GitLab | GitLab Enterprise | 16.7, 18.4, 18.5 |
| GitLab | GitLab | 16.7, 18.4, 18.5 |
Timeline
- Nov 15, 2025 CVE Published
- Nov 17, 2025 CVE Updated