CVE-2025-9825 – Missing Authorization in GitLab

CVE ID : CVE-2025-9825

Published : Nov. 21, 2025, 6:15 a.m. | 59 minutes ago

Description : GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…