VDB

CVE-2025-2615

CVE-2025-2615 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections.

EPSS 0.01% · 2.7th percentile

Risk Scores

EPSS Score
0.01%
2.7th percentile

Affected Products

VendorProductVersions
Bitnamigitlab16.7.0, 18.4.0, 18.5.0
Bitnamigitlab18.4.0, 18.5.0, 16.7.0

Timeline

  • Nov 13, 2025 CVE Published
  • Nov 15, 2025 EPSS Score
  • Nov 20, 2025 EPSS Score
  • Nov 21, 2025 CVE Updated
  • Nov 25, 2025 EPSS Score
  • Nov 30, 2025 EPSS Score
  • Dec 5, 2025 EPSS Score
  • Dec 10, 2025 EPSS Score
  • Dec 15, 2025 EPSS Score
  • Dec 20, 2025 EPSS Score
  • Dec 25, 2025 EPSS Score
  • Dec 30, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›