CVE-2025-6601

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6601

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6601.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-6601

Aliases

BIT-gitlab-2025-6601

Downstream

UBUNTU-CVE-2025-6601

Published

2025-10-27T00:15:41Z

Modified

2025-10-30T00:18:54.955319Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

9255f56b45844196bb7657a9f1fde6aa65a5d08d

Fixed

4912fab157d78c195127403650672db8551e59b2

Affected versions

v18.*

v18.4.0-ee

v18.4.1-ee

v18.4.2-ee