CVE-2025-4976

🗓️ 24 Jul 2025 06:05:37Reported by GitLabType

CVE-2025-4976 allows attackers to access internal notes in GitLab Duo responses via policy issues.

Reporter	Title	Published	Views	Family All 17
FreeBSD	Gitlab -- vulnerabilities	23 Jul 202500:00	–	freebsd
Circl	CVE-2025-4976	20 Jun 202518:53	–	circl
CNNVD	GitLab Enterprise Edition 安全漏洞	24 Jul 202500:00	–	cnnvd
Cvelist	CVE-2025-4976 Exposure of Sensitive Information Due to Incompatible Policies in GitLab	24 Jul 202506:05	–	cvelist
Debian CVE	CVE-2025-4976	24 Jul 202506:05	–	debiancve
EUVD	EUVD-2025-22481	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (5683b3a7-683d-11f0-966e-2cf05da270f3)	28 Jul 202500:00	–	nessus
Tenable Nessus	GitLab 17.0 < 18.0.5 / 18.1 < 18.1.3 / 18.2 < 18.2.1 (CVE-2025-4976)	24 Jul 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-4976	9 Aug 202500:00	–	nessus
NVD	CVE-2025-4976	24 Jul 202507:15	–	nvd

NVD

Vulners

Node

gitlab gitlabRange17.0.0–18.0.5enterprise

gitlab gitlabRange18.1.0–18.1.3enterprise

gitlab gitlabMatch18.2enterprise

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "17.0",
        "status": "affected",
        "lessThan": "18.0.5",
        "versionType": "semver"
      },
      {
        "version": "18.1",
        "status": "affected",
        "lessThan": "18.1.3",
        "versionType": "semver"
      },
      {
        "version": "18.2",
        "status": "affected",
        "lessThan": "18.2.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/3149956
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/543905

28 Jul 2025 14:14Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.3 - 5.3

EPSS0.00078

SSVC

CWE-213

cve-2025-4976 gitlab security vulnerability internal notes policy issues