VDB
CVE-2025-2615
CVE-2025-2615
PUBLISHED
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections.
EPSS 0.01% · 2.7th percentile
Risk Scores
EPSS Score
0.01%
2.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 16.7.0, 18.4.0, 18.5.0 |
| Bitnami | gitlab | 18.4.0, 18.5.0, 16.7.0 |
Exploit Intelligence
Timeline
- Nov 13, 2025 CVE Published
- Nov 15, 2025 EPSS Score
- Nov 20, 2025 EPSS Score
- Nov 21, 2025 CVE Updated
- Nov 25, 2025 EPSS Score
- Nov 30, 2025 EPSS Score
- Dec 5, 2025 EPSS Score
- Dec 10, 2025 EPSS Score
- Dec 15, 2025 EPSS Score
- Dec 20, 2025 EPSS Score
- Dec 25, 2025 EPSS Score
- Dec 30, 2025 EPSS Score