CVE-2025-0765

MEDIUM

GitLab CE/EE <18.0.5-18.2.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses.

References (2)

Core 2
Core References
Broken Link issue-tracking permissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/515381
Permissions Required technical-description exploit permissions-required
https://hackerone.com/reports/2956315

Scores

CVSS v3 4.3
EPSS 0.0007
EPSS Percentile 21.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (2)
gitlab/gitlab 18.2 (2 CPE variants)
gitlab/gitlab 17.9.0 - 18.0.5 (2 CPE variants)
Published Jul 24, 2025
Tracked Since Feb 18, 2026