VDB

CVE-2025-11247

CVE-2025-11247 PUBLISHED

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.

EPSS 0.02% · 4.6th percentile

Risk Scores

EPSS Score
0.02%
4.6th percentile

Affected Products

VendorProductVersions
Bitnamigitlab13.2.0, 18.5.0, 18.6.0
Bitnamigitlab18.6.0, 18.5.0, 13.2.0

Timeline

  • Dec 11, 2025 CVE Published
  • Dec 11, 2025 EPSS Score
  • Dec 11, 2025 PoC Published
  • Dec 11, 2025 PoC Published
  • Dec 15, 2025 EPSS Score
  • Dec 19, 2025 EPSS Score
  • Dec 23, 2025 EPSS Score
  • Dec 28, 2025 EPSS Score
  • Jan 1, 2026 EPSS Score
  • Jan 5, 2026 EPSS Score
  • Jan 9, 2026 EPSS Score
  • Jan 13, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›