CVE-2025-11865

🗓️ 15 Nov 2025 08:03:59Reported by GitLabType

CVE-2025-11865: GitLab allows removing another user's Duo flows via incorrect authorization.

Reporter	Title	Published	Views	Family All 17
FreeBSD	Gitlab -- vulnerabilities	12 Nov 202500:00	–	freebsd
CNNVD	GitLab 安全漏洞	15 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-11865 Incorrect Authorization in GitLab	15 Nov 202508:03	–	cvelist
Debian CVE	CVE-2025-11865	15 Nov 202508:03	–	debiancve
EUVD	EUVD-2025-197695	15 Nov 202509:30	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (5a1d6309-c04a-11f0-85d8-2cf05da270f3)	13 Nov 202500:00	–	nessus
Tenable Nessus	GitLab 18.1 < 18.3.6 / 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-11865)	12 Feb 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-11865	18 Nov 202500:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab	18 Nov 202507:01	–	ncsc
NVD	CVE-2025-11865	15 Nov 202508:15	–	nvd

NVD

Vulners

Node

gitlab gitlabRange18.1.0–18.3.6enterprise

gitlab gitlabRange18.4.0–18.4.4enterprise

gitlab gitlabRange18.5.0–18.5.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "18.1",
        "status": "affected",
        "lessThan": "18.3.6",
        "versionType": "semver"
      },
      {
        "version": "18.4",
        "status": "affected",
        "lessThan": "18.4.4",
        "versionType": "semver"
      },
      {
        "version": "18.5",
        "status": "affected",
        "lessThan": "18.5.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
about	www.about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/561399

19 Nov 2025 17:59Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.3 - 5.3

EPSS0.00017

SSVC

CWE-863