CVE-2025-7691 · HIGH 8.8 · EPSS p25.6%

Description

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% probability of exploitation · percentile 25.6% · 2026-06-18T12:00:27Z
Published: 2025-09-26
Last modified: 2025-09-29

Underlying weaknesses · 1

CWE-267

References

  1. https://gitlab.com/gitlab-org/gitlab/-/issues/555786
  2. https://hackerone.com/reports/3200469

Type | Target | Confidence | Tier
Weakness | Privilege Defined With Unsafe Actions (cwe-267) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-2242
  2. CVE-2025-2938
  3. CVE-2025-6948
  4. CVE-2025-7659
  5. CVE-2026-5173
  6. CVE-2025-12029

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.