VDB
CVE-2025-11247
CVE-2025-11247
PUBLISHED
GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.
EPSS 0.02% · 4.6th percentile
Risk Scores
EPSS Score
0.02%
4.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 13.2.0, 18.5.0, 18.6.0 |
| Bitnami | gitlab | 18.6.0, 18.5.0, 13.2.0 |
Timeline
- Dec 11, 2025 CVE Published
- Dec 11, 2025 EPSS Score
- Dec 11, 2025 PoC Published
- Dec 11, 2025 PoC Published
- Dec 15, 2025 EPSS Score
- Dec 19, 2025 EPSS Score
- Dec 23, 2025 EPSS Score
- Dec 28, 2025 EPSS Score
- Jan 1, 2026 EPSS Score
- Jan 5, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 13, 2026 EPSS Score