CVE-2025-14592 Missing Authorization in GitLab

🗓️ 11 Feb 2026 11:34:01Reported by GitLabType

CVE-2025-14592 fixed missing authorization in GitLab CE and EE via GraphQL mutations.

Reporter	Title	Published	Views	Family All 18
FreeBSD	Gitlab -- vulnerabilities	10 Feb 202600:00	–	freebsd
ATTACKERKB	CVE-2025-14592	11 Feb 202611:34	–	attackerkb
Circl	CVE-2025-14592	11 Feb 202613:55	–	circl
CNNVD	GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）安全漏洞	11 Feb 202600:00	–	cnnvd
CVE	CVE-2025-14592	11 Feb 202611:34	–	cve
Debian CVE	CVE-2025-14592	11 Feb 202611:34	–	debiancve
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (9d9940e7-071c-11f1-93ca-2cf05da270f3)	11 Feb 202600:00	–	nessus
Tenable Nessus	GitLab 18.6 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2025-14592)	12 Feb 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-14592	12 Feb 202600:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab CE/EE	11 Feb 202611:45	–	ncsc

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "18.6",
        "status": "affected",
        "lessThan": "18.6.6",
        "versionType": "semver"
      },
      {
        "version": "18.7",
        "status": "affected",
        "lessThan": "18.7.4",
        "versionType": "semver"
      },
      {
        "version": "18.8",
        "status": "affected",
        "lessThan": "18.8.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/583961
hackerone	www.hackerone.com/reports/3451435
about	www.about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/

11 Feb 2026 11:34Current

CVSS 3.13.7

EPSS0.00254

CWE-862