How to fix EUVD-2025-19171?

Within 30 days: Identify affected systems running GitLab CE/EE affecting all and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Ubuntu affected by EUVD-2025-19171?

Organizations using GitLab CE/EE affecting all should be aware of moderate risk from CVE-2025-5315, a missing authorization vulnerability rated CVSS 4.3. Attackers could gain access beyond their authorized level. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2025-19171

| CVE-2025-5315 MEDIUM

2025-06-26 [email protected]

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 23:54 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 23:54 euvd

EUVD-2025-19171

CVE Published

Jun 26, 2025 - 06:15 nvd

MEDIUM 4.3

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

Analysis

Technical Context

This vulnerability is classified as Missing Authorization (CWE-862).

Affected Products

Affected products: Gitlab Gitlab

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +22

POC: 0

Vendor Status

Ubuntu

Priority: Medium

gitlab

Release	Status	Version
xenial	ignored	-
jammy	DNE	-
noble	DNE	-
oracular	DNE	-
plucky	DNE	-
upstream	needs-triage	-

Debian

gitlab

Release	Status	Fixed Version	Urgency
sid	vulnerable	17.6.5-19	-
(unstable)	fixed	(unfixed)	-

EUVD-2025-19171 vulnerability details – vuln.today

Back

EUVD-2025-19171

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-19171

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code