CVE-2025-2498 — LOW (3.1) — White Hats Nepal

Q: How severe is CVE-2025-2498?

CVE-2025-2498 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-2498?

Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.

Vulnerability Description

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.

CVSS Score

3.1

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gitlab	Gitlab	>= 12.0.0, < 18.0.6

Related Weaknesses (CWE)

CWE-1220

References

https://gitlab.com/gitlab-org/gitlab/-/issues/525515Broken Link
https://hackerone.com/reports/3037722Permissions Required

FAQ

What is CVE-2025-2498?

CVE-2025-2498 is a vulnerability with a CVSS score of 3.1 (LOW). An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view ...

How severe is CVE-2025-2498?

CVE-2025-2498 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2498?

Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.