CVE-2025-7736 — Vulnetix

CVE-2025-7736 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by authenticating through OAuth providers.

EPSS 0.01% · 2.3th percentile

Risk Scores

EPSS Score

0.01%

2.3th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	18.4.0, 18.5.0, 17.9.0
Bitnami	gitlab	17.9.0, 18.5.0, 18.4.0

Timeline

Nov 13, 2025 CVE Published
Nov 15, 2025 EPSS Score
Nov 20, 2025 EPSS Score
Nov 25, 2025 EPSS Score
Nov 30, 2025 EPSS Score
Dec 5, 2025 EPSS Score
Dec 10, 2025 EPSS Score
Dec 15, 2025 EPSS Score
Dec 20, 2025 EPSS Score
Dec 25, 2025 EPSS Score
Dec 30, 2025 EPSS Score
Jan 4, 2026 EPSS Score

References

https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/556098 url
https://hackerone.com/reports/3250156 url
https://nvd.nist.gov/vuln/detail/CVE-2025-7736 url

Open in Interactive Console →