CVE-2025-9825 Missing Authorization in GitLab

🗓️ 21 Nov 2025 05:33:31Reported by GitLabType

GitLab fixed missing authorization that allowed non members to view sensitive manual integration variables via Graph Query Language.

Reporter	Title	Published	Views	Family All 19
FreeBSD	Gitlab -- vulnerabilities	8 Oct 202500:00	–	freebsd
Chainguard	CVE-2025-9825 vulnerabilities	28 Jan 202619:17	–	cgr
CNNVD	GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）安全漏洞	21 Nov 202500:00	–	cnnvd
CVE	CVE-2025-9825	21 Nov 202505:33	–	cve
Debian CVE	CVE-2025-9825	21 Nov 202505:33	–	debiancve
EUVD	EUVD-2025-198377	21 Nov 202505:33	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (87fdaf3c-a5b5-11f0-98b5-2cf05da270f3)	11 Oct 202500:00	–	nessus
Tenable Nessus	GitLab 13.7 < 18.2.8 / 18.3 < 18.3.4 / 18.4 < 18.4.2 (CVE-2025-9825)	12 Feb 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-9825	14 Oct 202500:00	–	nessus
NCSC	Vulnerabilities fixed in GitLab	13 Oct 202507:25	–	ncsc

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "13.7",
        "status": "affected",
        "lessThan": "18.2.8",
        "versionType": "semver"
      },
      {
        "version": "18.3",
        "status": "affected",
        "lessThan": "18.3.4",
        "versionType": "semver"
      },
      {
        "version": "18.4",
        "status": "affected",
        "lessThan": "18.4.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
about	www.about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/
hackerone	www.hackerone.com/reports/3319800
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/567301

21 Nov 2025 05:33Current

CVSS 3.15

EPSS0.00008

CWE-862