CVE-2025-5121
Published: 2025-06-20
Priority: P2 · 64
Severity: critical 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 6.53% (92.9th percentile)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 17.11 < 17.11.4 | 17.11.4 |
| gitlab | gitlab | >= 17.11.0 < 17.11.4 | 17.11.4 |
| gitlab | gitlab | >= 18.0 < 18.0.2 | 18.0.2 |
| gitlab | gitlab | >= 18.0.0 < 18.0.2 | 18.0.2 |
| gitlab | gitlab_ce | — | — |
Detection & IOCs (extracted from sources)
- CVE-2025-5121 affects GitLab Ultimate EE and allows remote authenticated attackers to inject malicious CI/CD jobs into any project's future CI/CD pipelines via a missing authorization check on compliance frameworks.
- Exploitation requires authenticated access to a GitLab instance running a GitLab Ultimate license; unauthenticated exploitation is not possible.
- Vulnerable GitLab versions are 17.11 up to (not including) 17.11.4 and 18.0 up to (not including) 18.0.2; monitor for unpatched self-managed instances running these version ranges.
- The vulnerability stems from a missing authorization check that may allow compliance frameworks to be applied to projects outside the compliance framework's group; audit logs should be reviewed for unexpected cross-group compliance framework assignments.
- Only GitLab Ultimate EE (Enterprise Edition) instances are exploitable for the CI/CD pipeline injection primitive; CE installations are affected by the compliance framework misapplication but may not expose the full pipeline injection impact.
- GitLab.com (SaaS) is already patched; only self-managed GitLab installations in the affected version ranges require action. GitLab Dedicated customers do not need to take action.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| osv | — | 9.9 | CRITICAL | — |
| vendor_debian | — | 8.5 | HIGH | — |
GHSA
GHSA-pmjq-38q6-fxx9 · ghsa_unreviewed · 2025-06-20 · CVE-2025-5121 [HIGH] · CWE-862
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
OSV
osv · 2025-06-20 · CVE-2025-5121 [CRITICAL] · CVSS 9.9
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
GitLab
vendor_gitlab · 2025-06-20 · CVE-2025-5121 [HIGH] · CWE-862 · CVSS 8.5
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Debian
vendor_debian · 2025 · CVE-2025-5121 [HIGH] · CVSS 8.5
gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Scope: local
sid: open
Citrix
Citrix Security Bulletin CTX117751 · vendor_citrix · CVE-2008-5121 [HIGH] · CVSS 7.2
CVE References: CVE-2008-5121, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
Checkpoint
16th June – Threat Intelligence Report · blogs_checkpoint · 2025-06-16 · CVE-2025-33053
## 16th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 16th June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
One of South Korea’s largest ticketing platforms Yes24 has been a victim of a ransomware attack that resulted in a four-day service outage, disrupting online bookings for concerts, e-book access, and community forums. The incident has caused significant turmoil in the entertainment industry, forcing event cancellations and dela
Bleepingcomputer
## GitLab patches high severity account takeover, missing auth issues
blogs_bleepingcomputer · 2025-06-12 · [HIGH] · CVSS 7.5
## Sergiu Gatlan
GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines.
The company released GitLab Community and Enterprise versions 18.0.2, 17.11.4, and 17.10.8 to address these security flaws and urged all admins to upgrade immediately.
"These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately," the company warned. "GitLab.com is already running the patched version. GitLab Dedicated customers do not need to take action."
On Wednesday, GitLab
Published: 2025-06-20