CVE-2025-5121
📋 TL;DR
This vulnerability allows attackers to apply compliance frameworks to projects outside their authorized scope due to a missing authorization check in GitLab. All GitLab CE/EE instances running affected versions are impacted, potentially enabling unauthorized modification of project compliance settings.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could apply inappropriate compliance frameworks to critical projects, causing compliance violations, operational disruption, or data exposure through misconfigured security controls.
Likely Case
Unauthorized users could modify project compliance settings, potentially bypassing security policies or causing configuration drift that violates organizational compliance requirements.
If Mitigated
With proper access controls and monitoring, impact would be limited to unauthorized configuration changes that could be detected and reverted before causing significant harm.
🎯 Exploit Status
Exploitation requires authenticated access but minimal technical skill. No public exploit code available at disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.11.4, 18.0.2
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/545429
Restart Required: Yes
Instructions:
1. Back up the GitLab instance.
2. Update to GitLab 17.11.4 or 18.0.2 using your deployment method (Omnibus, Helm, source).
3. Restart GitLab services.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict Compliance Framework Access
Temporarily restrict permissions for applying compliance frameworks to trusted administrators only.
🧯 If You Can't Patch
- Implement strict access controls limiting who can apply compliance frameworks.
- Enable enhanced auditing of compliance framework changes and monitor for unauthorized modifications.
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the Admin Area or with the command:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Confirm version is 17.11.4+ or 18.0.2+ and test that compliance frameworks cannot be applied to unauthorized projects.
📡 Detection & Monitoring
Log Indicators:
- Audit logs showing compliance framework applications to projects outside authorized groups
- Unauthorized API calls to compliance framework endpoints
Network Indicators:
- Unusual patterns of API requests to /api/v4/groups/*/compliance_frameworks or similar endpoints
SIEM Query:
source="gitlab" AND ("compliance_framework" OR "compliance_frameworks") AND (action="create" OR action="update")
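The log indicator above (compliance framework applied to a project outside the actor's authorized groups), as detection logic run over constructed audit lines. This is an added example, not part of this advisory or of GitLab's own tooling; the audit field names are modelled on GitLab's audit_json.log but are an assumption here, and the project/group ownership data is made up.

```python
import json
import re

# Constructed sample in the shape of GitLab audit_json.log entries. Field
# names are an assumption for this example; values are made up.
SAMPLE_AUDIT_LINES = [
    '{"created_at":"2025-06-12T10:01:00Z","author_name":"alice","entity_type":"Group","entity_id":7,'
    '"target_type":"Project","target_id":101,"custom_message":"Added compliance framework SOC2 to project"}',
    # bob's framework lives in group 7, but the target project belongs to group 9
    '{"created_at":"2025-06-12T10:02:30Z","author_name":"bob","entity_type":"Group","entity_id":7,'
    '"target_type":"Project","target_id":305,"custom_message":"Added compliance framework SOC2 to project"}',
    # unrelated project change, must not be flagged
    '{"created_at":"2025-06-12T10:03:00Z","author_name":"bob","entity_type":"Project","entity_id":305,'
    '"target_type":"Project","target_id":305,"custom_message":"Changed visibility to private"}',
]

# Constructed ownership data: the group each project belongs to, and the
# groups each user is allowed to manage compliance frameworks for.
PROJECT_GROUP = {101: 7, 102: 7, 305: 9}
AUTHORIZED_GROUPS = {"alice": {7}, "bob": {7}}

COMPLIANCE_RE = re.compile(r"compliance[_ ]framework", re.IGNORECASE)


def is_compliance_event(event: dict) -> bool:
    """True when the audit message concerns a compliance framework."""
    return bool(COMPLIANCE_RE.search(event.get("custom_message", "")))


def find_out_of_scope_changes(lines):
    """Return compliance-framework events whose target project lives in a
    group the actor is not authorized for (the pattern this CVE produces)."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not is_compliance_event(event) or event.get("target_type") != "Project":
            continue
        group = PROJECT_GROUP.get(event.get("target_id"))
        allowed = AUTHORIZED_GROUPS.get(event.get("author_name"), set())
        if group is None or group not in allowed:
            findings.append({"actor": event.get("author_name"), "project": event.get("target_id"),
                             "group": group, "at": event.get("created_at")})
    return findings


if __name__ == "__main__":
    for f in find_out_of_scope_changes(SAMPLE_AUDIT_LINES):
        print(f"ALERT: {f['actor']} applied a compliance framework to project "
              f"{f['project']} (group {f['group']}) at {f['at']}")
```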