How to fix CVE-2025-5195?

Within 30 days: Identify affected systems running GitLab CE/EE affecting all and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Ubuntu affected by CVE-2025-5195?

Organizations using GitLab CE/EE affecting all should be aware of moderate risk from CVE-2025-5195, a IDOR vulnerability rated CVSS 4.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.

CVE-2025-5195

EUVD-2025-18172 MEDIUM

2025-06-12 [email protected]

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 21:20 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:20 euvd

EUVD-2025-18172

PoC Detected

Aug 08, 2025 - 18:21 vuln.today

Public exploit code

CVE Published

Jun 12, 2025 - 11:15 nvd

MEDIUM 4.3

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

Analysis

Technical Context

This vulnerability is classified as Authorization Bypass Through User-Controlled Key (CWE-639).

Affected Products

Affected products: Gitlab Gitlab

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +22

POC: +20

Vendor Status

Ubuntu

Priority: Medium

gitlab

Release	Status	Version
xenial	ignored	-
jammy	DNE	-
noble	DNE	-
oracular	DNE	-
plucky	DNE	-
upstream	needs-triage	-

Debian

gitlab

Release	Status	Fixed Version	Urgency
sid	fixed	17.6.5-19	-
(unstable)	not-affected	-	-

CVE-2025-5195 vulnerability details – vuln.today

Back

CVE-2025-5195

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-5195

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code