CVE-2025-13772
📋 TL;DR
This vulnerability allows authenticated GitLab users to access and use AI model settings from namespaces they shouldn't have access to by manipulating namespace identifiers in API requests. It affects GitLab EE versions 18.4-18.5.4, 18.6-18.6.2, and 18.7-18.7.0. This is an authorization bypass issue that could lead to unauthorized AI model usage.
💻 Affected Systems
- GitLab EE
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could access and utilize proprietary AI models from other namespaces, potentially stealing intellectual property, incurring unauthorized usage costs, or manipulating AI-powered features across the GitLab instance.
Likely Case
Unauthorized access to AI model settings leading to data leakage of AI configurations and potential misuse of AI capabilities within the GitLab platform.
If Mitigated
Limited impact if proper namespace isolation and access controls are already in place, though the vulnerability bypasses some authorization checks.
🎯 Exploit Status
Exploitation requires authenticated access and involves manipulating namespace parameters in API requests. No public exploit code has been released.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.5.5, 18.6.3, or 18.7.1
Vendor Advisory: https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/
Restart Required: Yes
Instructions:
1. Identify your current GitLab EE version.
2. Upgrade to 18.5.5 if on 18.4-18.5.4, 18.6.3 if on 18.6-18.6.2, or 18.7.1 if on 18.7.0.
3. Follow GitLab's standard upgrade procedures.
4. Restart GitLab services after upgrade.
🔧 Temporary Workarounds
Restrict AI Feature Access
Disable AI features or restrict access to AI model settings through GitLab permissions
API Rate Limiting
Implement stricter rate limiting on namespace-related API endpoints
🧯 If You Can't Patch
- Implement strict access controls and audit all AI model usage
- Monitor API logs for unusual namespace parameter manipulation
🔍 How to Verify
Check if Vulnerable:
Compare your GitLab EE version against the affected ranges (18.4-18.5.4, 18.6-18.6.2, 18.7.0). Check the version via the admin interface or run: sudo gitlab-rake gitlab:env:info | grep 'Version:'
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
Confirm the running version is 18.5.5, 18.6.3, or 18.7.1, or a later release on the same branch (a higher version number alone is not enough, since 18.6.0 is newer than 18.5.5 but still affected)
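The version checks above, as an added triage script that is not part of this advisory or of GitLab's own tooling: it parses the Version: line printed by gitlab-rake gitlab:env:info, assumes the affected ranges and fixed releases stated on this page, and reports which patch release applies. The sample lines it prints for are constructed.

```python
"""Added triage helper for CVE-2025-13772 (not GitLab's own tooling): checks a
GitLab EE version against the affected ranges stated in this advisory. Input is
a bare version or the 'Version:' line from `gitlab-rake gitlab:env:info`."""
from __future__ import annotations

import re

# (first affected, last affected, fixed release) per branch, as stated in the
# advisory: 18.4-18.5.4 -> 18.5.5, 18.6-18.6.2 -> 18.6.3, 18.7.0 -> 18.7.1
AFFECTED_RANGES = [
    ((18, 4, 0), (18, 5, 4), "18.5.5"),
    ((18, 6, 0), (18, 6, 2), "18.6.3"),
    ((18, 7, 0), (18, 7, 0), "18.7.1"),
]
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) from text such as 'Version: 18.6.1-ee'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no MAJOR.MINOR.PATCH version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def assess(text: str) -> tuple[bool, str | None]:
    """Return (vulnerable, fixed_release); fixed_release is None when the
    version lies outside every affected range. Only GitLab EE is listed as
    affected, so a line carrying the Community Edition suffix '-ce' is
    reported as not affected."""
    if re.search(r"\d-ce\b", text):
        return False, None
    version = parse_version(text)
    for first, last, fixed in AFFECTED_RANGES:
        if first <= version <= last:
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample lines in the shape gitlab:env:info prints; not real output.
    for line in ("Version:\t18.6.1-ee", "Version:\t18.5.5-ee", "Version:\t18.7.0-ee"):
        vulnerable, fixed = assess(line)
        verdict = f"VULNERABLE, upgrade to {fixed}" if vulnerable else "not in an affected range"
        print(f"{line.strip():<20} -> {verdict}")
```

Note that 18.5.5 is reported as not affected while 18.6.0 is, which is why the check is per branch rather than a single "greater than" comparison.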
📡 Detection & Monitoring
Log Indicators:
- Unusual API requests with manipulated namespace parameters
- AI model access from unexpected namespaces
Network Indicators:
- Multiple API requests to namespace endpoints with varying parameters
SIEM Query (illustrative; adapt field names and the authorized_users list to your SIEM's syntax):
source="gitlab" AND ("namespace" OR "ai_model") AND status=200 AND user NOT IN [authorized_users]