CVE-2025-11247
📋 TL;DR
This vulnerability allows authenticated GitLab users to access sensitive information from private projects by crafting specific GraphQL queries. It affects GitLab EE versions 13.2 through 18.6.1, requiring user authentication but no special privileges.
💻 Affected Systems
- GitLab EE
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized disclosure of sensitive source code, credentials, or proprietary data from private repositories to authenticated users.
Likely Case
Internal users accessing confidential project data they shouldn't have permission to view.
If Mitigated
Minimal impact with proper access controls and monitoring in place.
🎯 Exploit Status
Requires knowledge of GraphQL query crafting and valid user credentials. HackerOne report suggests exploitation details are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.4.6, 18.5.4, or 18.6.2
Vendor Advisory: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to a patched version using your deployment method (Omnibus, Helm, source).
3. Restart GitLab services.
4. Verify the update with a version check.
🔧 Temporary Workarounds
Restrict GraphQL Access
Temporarily disable or restrict GraphQL API access for non-admin users
# Configure in GitLab admin settings or via application.yml
Enhanced Monitoring
Monitor GraphQL query patterns for suspicious activity
# Set up alerts for unusual GraphQL query patterns
🧯 If You Can't Patch
- Implement strict access controls and audit private project permissions
- Monitor GraphQL API logs for unusual query patterns targeting private projects
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin panel or the command line. If the version falls in the affected range (13.2 through 18.6.1, excluding the backported fixes below), the instance is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep Version
Verify Fix Applied:
Confirm the GitLab version is 18.4.6, 18.5.4, or 18.6.2 (or a later release on the same branch). GraphQL queries that previously returned private-project data should now be blocked by authorization.
📡 Detection & Monitoring
Log Indicators:
- Unusual GraphQL query patterns targeting private projects
- Multiple failed authorization attempts on GraphQL endpoints
Network Indicators:
- Spike in GraphQL API requests from single users
- Unusual data retrieval patterns via API
SIEM Query:
source="gitlab" AND ("GraphQL" AND "private_project") AND status="200"
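The SIEM query above matches on string fragments; a log-side equivalent needs to look at per-user behaviour over time, which is what the indicators list describes. The following is an added example, not part of the advisory and not GitLab code, that flags accounts querying many distinct project paths through GraphQL within a short window. The log lines are constructed for the example and the field names (`time`, `username`, `operation_name`, `variables.fullPath`, `status`) are assumptions loosely modelled on a JSON access log; map them onto your instance's real GraphQL log format before use.

```python
"""Flag the per-user enumeration pattern listed under Detection & Monitoring:
one account issuing many successful GraphQL queries that touch many distinct
projects in a short window. Log format and field names are assumptions."""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample lines (not real GitLab logs): alice sweeps four projects
# in four seconds, bob makes one lookup, and one line is deliberately malformed.
SAMPLE_LOG = """
{"time":"2025-12-11T10:00:01Z","username":"alice","operation_name":"getProject","variables":{"fullPath":"group-a/repo-1"},"status":200}
{"time":"2025-12-11T10:00:02Z","username":"alice","operation_name":"getProject","variables":{"fullPath":"group-a/repo-2"},"status":200}
this line is not JSON and must not abort triage
{"time":"2025-12-11T10:00:03Z","username":"alice","operation_name":"getProject","variables":{"fullPath":"group-b/repo-3"},"status":200}
{"time":"2025-12-11T10:00:04Z","username":"alice","operation_name":"getProject","variables":{"fullPath":"group-c/repo-4"},"status":200}
{"time":"2025-12-11T10:30:00Z","username":"bob","operation_name":"getProject","variables":{"fullPath":"group-a/repo-1"},"status":200}
"""

Event = Tuple[datetime, str, Optional[str]]  # (timestamp, username, project path)


def parse_lines(text: str) -> List[Event]:
    """Parse JSON log lines into events, skipping malformed or non-200 entries.
    Only successful responses matter here: a leak shows up as a 200, which is
    why the advisory's SIEM query also filters on status 200."""
    events: List[Event] = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
            ts = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, KeyError, TypeError):
            continue  # malformed line: skip rather than stop triage
        if rec.get("status") != 200 or not rec.get("username"):
            continue
        path = (rec.get("variables") or {}).get("fullPath")
        events.append((ts, rec["username"], path))
    return events


def flag_enumeration(events: List[Event],
                     window: timedelta = timedelta(minutes=5),
                     max_projects: int = 3) -> Dict[str, Set[str]]:
    """Return {username: distinct project paths} for every user that queried
    more than `max_projects` distinct projects inside any sliding `window`."""
    by_user: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, user, path in events:
        if path:
            by_user[user].append((ts, path))
    flagged: Dict[str, Set[str]] = {}
    for user, items in by_user.items():
        items.sort()
        lo = 0
        for hi in range(len(items)):
            # Slide the window start forward until it fits within `window`.
            while items[hi][0] - items[lo][0] > window:
                lo += 1
            paths = {p for _, p in items[lo:hi + 1]}
            if len(paths) > max_projects:
                flagged[user] = paths
                break
    return flagged


if __name__ == "__main__":
    for user, paths in flag_enumeration(parse_lines(SAMPLE_LOG)).items():
        print(f"{user}: {len(paths)} distinct projects in window: {sorted(paths)}")
```

Tune `window` and `max_projects` against a baseline of your own CI and integration traffic before alerting on the result; service accounts that legitimately iterate over many projects will otherwise dominate the output.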