CVE-2025-4972

LOW

Gitlab < 18.0.4 - Incorrect Authorization

Title source: rule

Description

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

References (2)

Scores

CVSS v3 2.7
EPSS 0.0001
EPSS Percentile 2.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-863
Status published

Affected Products (1)

gitlab/gitlab < 18.0.4

Timeline

Published Jul 10, 2025
Tracked Since Feb 18, 2026