CVE-2025-8770

MEDIUM

Gitlab < 18.0.6 - IDOR

Title source: rule

Description

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.

References (1)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/549105

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 3.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-639

Status published

Affected Products (1)

gitlab/gitlab < 18.0.6

Timeline

Published Aug 13, 2025

Tracked Since Feb 18, 2026