CVE-2025-5315
📋 TL;DR
This vulnerability allows authenticated users with Guest role permissions in GitLab to bypass UI-enforced restrictions and add child items to incident work items via crafted API requests. It affects GitLab CE/EE installations running vulnerable versions, potentially allowing unauthorized modification of incident management workflows.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Guest users could manipulate incident response workflows, potentially disrupting incident management, adding misleading information, or interfering with security operations.
Likely Case
Guest users gain unauthorized ability to modify incident work items, potentially causing confusion or minor disruption in incident tracking systems.
If Mitigated
With proper role-based access controls and monitoring, impact is limited to unauthorized workflow modifications that can be detected and reverted.
🎯 Exploit Status
Exploitation requires authenticated Guest user access and knowledge of API endpoints. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.11.5, 18.0.3, or 18.1.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/546282
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab 17.11.5, 18.0.3, or 18.1.1 using your preferred update method.
3. Restart GitLab services.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict Guest User Access
Temporarily disable or restrict Guest user permissions for projects containing incident work items.
# Navigate to Project Settings > Members and adjust Guest permissions
API Rate Limiting
Implement stricter API rate limiting to detect and block suspicious API request patterns.
# Configure in GitLab admin area under Settings > Network
🧯 If You Can't Patch
- Implement strict monitoring of API requests from Guest users, particularly to incident work item endpoints.
- Review and audit all incident work items for unauthorized modifications by Guest users.
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version in the Admin Area or from the command line. If it is below the fixed release for its branch (17.11.5, 18.0.3, or 18.1.1), the instance is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep Version
Verify Fix Applied:
After updating, verify the version is 17.11.5, 18.0.3, 18.1.1, or higher. Test that Guest users cannot add child items to incident work items via the API.
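The version check above is easy to get wrong by hand, because `grep Version` on the `gitlab:env:info` output also returns Ruby, Gem, Redis and Sidekiq version lines, and because each minor branch has its own fixed release. The following script is an added example, not part of this advisory or of GitLab's own tooling: it anchors on the line that starts with `Version:`, strips the `-ee` suffix, and compares against the fixed releases listed above. Branches newer than 18.1 are treated as fixed ("or higher"); older branches have no fix listed here and are reported as needing an upgrade. The `SAMPLE_ENV_INFO` text is constructed.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory, keyed by minor branch. A branch newer
# than the newest listed one counts as fixed ("or higher"); an older branch has
# no fixed release listed here and is reported as needing an upgrade.
FIXED_RELEASES = {
    (17, 11): (17, 11, 5),
    (18, 0): (18, 0, 3),
    (18, 1): (18, 1, 1),
}


def parse_gitlab_version(env_info: str) -> Optional[Version]:
    """Pull the GitLab release out of `gitlab-rake gitlab:env:info` output.

    The output also carries 'Ruby Version:', 'Gem Version:', 'Redis Version:'
    and similar lines, so the match is anchored to a line that begins with
    'Version:'. Edition suffixes such as '-ee' are ignored.
    """
    m = re.search(r"^Version:\s*(\d+)\.(\d+)\.(\d+)", env_info, re.MULTILINE)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_fixed(version: Version) -> bool:
    """True when the release is at or above the fixed release for its branch."""
    branch = version[:2]
    if branch in FIXED_RELEASES:
        return version >= FIXED_RELEASES[branch]
    newest_fixed_branch = max(FIXED_RELEASES)
    return branch > newest_fixed_branch


def assess(env_info: str) -> str:
    """Human-readable verdict for one instance's env:info output."""
    version = parse_gitlab_version(env_info)
    if version is None:
        return "unknown: no 'Version:' line found in env:info output"
    label = ".".join(map(str, version))
    if is_fixed(version):
        return f"fixed: {label} is at or above the patched release for its branch"
    return f"vulnerable: {label} is below the patched release for its branch; upgrade"


# Constructed sample: the lines `grep Version` keeps from gitlab:env:info on a
# hypothetical instance. Note the several unrelated "Version:" lines.
SAMPLE_ENV_INFO = """\
Ruby Version:   3.2.5
Gem Version:    3.5.22
Bundler Version:2.5.11
Rake Version:   13.0.6
Redis Version:  7.0.15
Sidekiq Version:7.3.9
Go Version:     unknown
Version:        17.11.4-ee
"""

if __name__ == "__main__":
    print(assess(SAMPLE_ENV_INFO))
```

Feed it the real output with `sudo gitlab-rake gitlab:env:info | python3 check_version.py` after replacing the sample with `sys.stdin.read()`; the anchored regex is the part worth keeping even if the rest is rewritten.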
📡 Detection & Monitoring
Log Indicators:
- API requests from Guest users to POST /api/v4/projects/:id/work_items/:work_item_id/children
- Unauthorized modification attempts to incident work items
Network Indicators:
- Unusual API call patterns from Guest role accounts to work item endpoints
SIEM Query:
source="gitlab" AND (user.role="guest" AND endpoint="*work_items*children")
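The SIEM query above assumes the log carries the caller's role, which GitLab's `api_json.log` does not; it records the username, method, path and status, so the Guest role has to be joined in from project membership data. The script below is an added example, not part of this advisory or of GitLab: it sweeps JSON-lines records for POSTs to the children endpoint named in the log indicators, keeps only those from a Guest set (here a constructed stand-in for a membership export), and records whether the server accepted (2xx) or refused (403) the write. On a patched instance a Guest's POST should be refused, so an accepted write is the finding to escalate; refused attempts are still worth keeping as probing activity. The sample log lines are constructed.

```python
import json
import re
from typing import Dict, Iterable, List, Set

# Endpoint shape taken from the advisory's log indicators.
CHILDREN_ENDPOINT = re.compile(r"^/api/v4/projects/[^/]+/work_items/[^/]+/children/?$")

# Constructed: api_json.log records the username but not the caller's role in
# the project, so the Guest set must come from membership data maintained
# separately (for example an export of project members). This is a stand-in.
GUEST_USERS: Set[str] = {"guest-contractor", "guest-vendor"}

# Constructed sample lines in the JSON-lines shape of api_json.log; only the
# fields the check needs are populated. One malformed line is included on
# purpose to show that the sweep skips it instead of aborting.
SAMPLE_API_LOG = """\
{"time":"2025-06-10T09:14:02Z","method":"POST","path":"/api/v4/projects/42/work_items/7/children","status":201,"username":"guest-contractor","remote_ip":"10.0.5.17"}
{"time":"2025-06-10T09:14:30Z","method":"POST","path":"/api/v4/projects/42/work_items/7/children","status":403,"username":"guest-vendor","remote_ip":"10.0.5.18"}
{"time":"2025-06-10T09:15:01Z","method":"POST","path":"/api/v4/projects/42/work_items/7/children","status":201,"username":"oncall-maintainer","remote_ip":"10.0.1.2"}
{"time":"2025-06-10T09:15:20Z","method":"GET","path":"/api/v4/projects/42/work_items/7/children","status":200,"username":"guest-contractor","remote_ip":"10.0.5.17"}
{"time":"2025-06-10T09:16:00Z","method":"POST","path":"/api/v4/projects/42/issues","status":201,"username":"guest-contractor","remote_ip":"10.0.5.17"}
not-json garbage line
"""


def flag_guest_child_writes(lines: Iterable[str], guest_users: Set[str]) -> List[Dict]:
    """Return one record per POST to a work-item children endpoint by a Guest.

    A 2xx status means the server accepted the write, which a patched instance
    should not do for a Guest; anything else (typically 403) means it refused.
    """
    findings: List[Dict] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the sweep
        if rec.get("method") != "POST":
            continue
        if not CHILDREN_ENDPOINT.match(rec.get("path", "")):
            continue
        user = rec.get("username")
        if user not in guest_users:
            continue
        status = int(rec.get("status", 0))
        findings.append({
            "time": rec.get("time"),
            "username": user,
            "remote_ip": rec.get("remote_ip"),
            "path": rec["path"],
            "status": status,
            "outcome": "accepted" if 200 <= status < 300 else "refused",
        })
    return findings


def summarize(findings: List[Dict]) -> Dict[str, int]:
    """Count accepted versus refused Guest writes for a quick triage view."""
    accepted = sum(1 for f in findings if f["outcome"] == "accepted")
    return {"total": len(findings), "accepted": accepted, "refused": len(findings) - accepted}


if __name__ == "__main__":
    hits = flag_guest_child_writes(SAMPLE_API_LOG.splitlines(), GUEST_USERS)
    for h in hits:
        print(f'{h["time"]} {h["username"]:<18} {h["status"]} {h["outcome"]:<8} {h["path"]}')
    print(summarize(hits))
```

Point the script at `/var/log/gitlab/gitlab-rails/api_json.log` (the Omnibus path) by replacing the sample with the file's lines; the endpoint regex is the only GitLab-specific piece, and the Guest set is the piece that must come from a membership source rather than the log.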