CVE-2025-12716
📋 TL;DR
This vulnerability allows authenticated GitLab users to perform unauthorized actions on behalf of other users by creating wiki pages with malicious content. It affects GitLab Community Edition and Enterprise Edition installations running vulnerable versions. Attackers could potentially manipulate or access data they shouldn't have permission to access.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could perform administrative actions, modify critical project data, access sensitive information, or compromise the integrity of the GitLab instance by impersonating other users.
Likely Case
Attackers could modify wiki content, project settings, or perform unauthorized actions within projects they have some access to, potentially escalating privileges or accessing restricted data.
If Mitigated
With proper access controls and monitoring, impact would be limited to specific projects where the attacker already has some level of access.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of GitLab wiki functionality. The HackerOne report suggests practical exploitation methods exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.4.6, 18.5.4, or 18.6.2
Vendor Advisory: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab 18.4.6, 18.5.4, or 18.6.2 depending on your current version.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Disable wiki functionality
Temporarily disable wiki creation and editing for all projects. Run from a Rails console on the GitLab host (the wiki_access_level column belongs to ProjectFeature, not Project, so the model name matters):
gitlab-rails console
# 0 == ProjectFeature::DISABLED. update_all overwrites every project's current setting
# without validations or callbacks, so record the existing values first if you need to restore them.
ProjectFeature.update_all(wiki_access_level: ProjectFeature::DISABLED)
Restrict wiki permissions
Limit wiki creation to maintainers and owners only. Run from a Rails console on the GitLab host:
gitlab-rails console
# 10 == ProjectFeature::PRIVATE (wiki visible to project members only). The previous value here,
# 20 (ProjectFeature::ENABLED), is the default and would not restrict anything. Note that this
# column controls feature visibility, not which roles may edit; it does not enforce a role cut-off by itself.
ProjectFeature.update_all(wiki_access_level: ProjectFeature::PRIVATE)
🧯 If You Can't Patch
- Implement strict access controls and monitor all wiki page creation activities
- Disable wiki functionality for all non-essential projects and users
🔍 How to Verify
Check if Vulnerable:
Check GitLab version: if running 18.4.0-18.4.5, 18.5.0-18.5.3, or 18.6.0-18.6.1, you are vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
Verify GitLab version is 18.4.6, 18.5.4, or 18.6.2 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual wiki page creation patterns
- Wiki edits from users with limited permissions
- Multiple wiki operations in short timeframes
Network Indicators:
- Unusual API calls to wiki endpoints
- Suspicious payloads in wiki content submissions
SIEM Query:
source="gitlab" AND (event="wiki_page_created" OR event="wiki_page_updated") AND (user_privilege_level="guest" OR user_privilege_level="reporter")
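As an added illustration that is not part of this advisory, the detection logic above applied to constructed log lines: the low-privilege wiki-write rule (the SIEM query with its OR properly grouped) plus the "multiple wiki operations in a short timeframe" indicator as a sliding-window burst rule. The event and user_privilege_level fields follow the SIEM query; time and username are assumed names, and the log lines are constructed, not real GitLab output.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real GitLab log output). Field names "event" and
# "user_privilege_level" match the page's SIEM query; "time" and "username" are assumed.
SAMPLE_LOG = """
{"time":"2025-12-10T10:00:00Z","event":"wiki_page_created","username":"alice","user_privilege_level":"maintainer"}
{"time":"2025-12-10T10:00:05Z","event":"wiki_page_created","username":"bob","user_privilege_level":"guest"}
{"time":"2025-12-10T10:00:20Z","event":"wiki_page_updated","username":"bob","user_privilege_level":"guest"}
{"time":"2025-12-10T10:00:40Z","event":"wiki_page_updated","username":"bob","user_privilege_level":"guest"}
{"time":"2025-12-10T10:01:00Z","event":"issue_created","username":"bob","user_privilege_level":"guest"}
{"time":"2025-12-10T11:30:00Z","event":"wiki_page_updated","username":"carol","user_privilege_level":"reporter"}
"""

WIKI_EVENTS = {"wiki_page_created", "wiki_page_updated"}
LOW_PRIVILEGE = {"guest", "reporter"}


def detect(log_text, window=timedelta(seconds=60), burst_threshold=3):
    """Return a list of (rule, username, detail) alerts.

    "low_priv_wiki_write": a wiki create/update by a guest or reporter.
    "wiki_burst": the user's wiki writes inside the sliding window reach burst_threshold.
    """
    alerts = []
    recent = defaultdict(deque)  # username -> timestamps of recent wiki writes
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec["event"] not in WIKI_EVENTS:
            continue  # non-wiki events never match either rule
        ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        user = rec["username"]
        if rec.get("user_privilege_level") in LOW_PRIVILEGE:
            alerts.append(("low_priv_wiki_write", user, rec["event"]))
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop writes that fell out of the sliding window
        if len(q) == burst_threshold:  # fire when the count reaches the threshold
            alerts.append(("wiki_burst", user, f"{len(q)} wiki writes in {window.seconds}s"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```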