CVE-2025-2242
Published: 27 March 2025
Summary
CVE-2025-2242 is a high-severity Incorrect Authorization (CWE-863) vulnerability in GitLab CE/EE. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 7.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-2 requires managing information system accounts including privilege modifications and revocations upon role changes, directly preventing former instance admins from retaining elevated group and project access after downgrade.
AC-6 enforces least privilege through reviews and reassignments of privileges, ensuring downgraded users do not maintain unnecessary elevated access to groups and projects.
AC-3 mandates enforcement of approved authorizations for logical access, addressing the improper access control that permitted persistent elevated privileges post-downgrade.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an improper access control flaw allowing a downgraded admin user to retain elevated privileges on groups/projects, directly enabling exploitation for privilege escalation within the GitLab application.
NVD Description
An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects.
Deeper analysis
CVE-2025-2242 is an improper access control vulnerability (CWE-863) affecting GitLab Community Edition (CE) and Enterprise Edition (EE) in all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1. The issue allows a user who previously held instance admin privileges but has been downgraded to a regular user to retain elevated access to groups and projects, bypassing the intended privilege reduction.
An attacker with prior instance admin access, now operating as a regular user (PR:L), can exploit this over the network (AV:N) with high attack complexity (AC:H) and no user interaction required (UI:N). Successful exploitation grants continued high-impact privileges (C:H/I:H/A:H) on affected groups and projects, with the CVSS scope unchanged (S:U), potentially enabling unauthorized data access, modification, or deletion.
Mitigation requires upgrading to GitLab versions 17.8.6, 17.9.3, 17.10.1, or later, as indicated by the affected version ranges. Additional details are available in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/516271.
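The two defender-side questions this record raises are whether an instance version falls inside the affected ranges quoted above, and, for the AC-2/AC-6 account-management controls listed earlier, which formerly-admin users still hold elevated group or project roles. The following Python script is an added worked example, not code from the page or from GitLab: it encodes the three affected ranges from the NVD description and runs a membership audit over constructed sample data. It assumes user records carry an `is_admin` flag and membership records carry GitLab's numeric `access_level` (10 Guest, 20 Reporter, 30 Developer, 40 Maintainer, 50 Owner), as the GitLab REST API reports them; the former-admin list, the sample users and memberships, and the Maintainer-or-above threshold are all assumptions made for the example.

```python
"""Audit helpers for CVE-2025-2242 (constructed example, not GitLab code)."""
import re

# Affected ranges from the NVD description, as (first affected, first fixed) pairs:
# the lower bound is inclusive, the fixed release is exclusive.
AFFECTED_RANGES = (
    ((17, 4, 0), (17, 8, 6)),
    ((17, 9, 0), (17, 9, 3)),
    ((17, 10, 0), (17, 10, 1)),
)

# GitLab's documented numeric access levels (members API `access_level`).
ACCESS_LEVEL_NAMES = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}
ELEVATED_LEVEL = 40  # assumption for this audit: Maintainer or above counts as elevated


def parse_version(version: str) -> tuple:
    """Turn '17.9.2-ee' or '17.10' into (17, 9, 2) / (17, 10, 0); edition suffixes are ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def is_affected(version: str) -> bool:
    """True if the instance version lies inside a vulnerable range (i.e. below its fixed release)."""
    v = parse_version(version)
    return any(low <= v < fixed for low, fixed in AFFECTED_RANGES)


def downgraded_admins(users, former_admins):
    """Usernames that appear in the former-admin list but are not admins now."""
    current_admins = {u["username"] for u in users if u.get("is_admin")}
    known = {u["username"] for u in users}
    return sorted((known & set(former_admins)) - current_admins)


def stale_elevated_memberships(users, former_admins, memberships, threshold=ELEVATED_LEVEL):
    """Group/project memberships at or above `threshold` held by downgraded admins.

    These are the memberships AC-2/AC-6 say should be reviewed when a role changes;
    whether any of them were retained via the flaw rather than granted deliberately
    is a question for the reviewer, so the function reports rather than revokes.
    """
    suspects = set(downgraded_admins(users, former_admins))
    findings = [
        {
            "username": m["username"],
            "scope": m["scope"],
            "role": ACCESS_LEVEL_NAMES.get(m["access_level"], str(m["access_level"])),
        }
        for m in memberships
        if m["username"] in suspects and m["access_level"] >= threshold
    ]
    return sorted(findings, key=lambda f: (f["username"], f["scope"]))


# Constructed sample data standing in for Users API / Members API output.
SAMPLE_USERS = [
    {"username": "alice", "is_admin": True},
    {"username": "bob", "is_admin": False},   # bob was downgraded from instance admin
    {"username": "carol", "is_admin": False},
]
SAMPLE_FORMER_ADMINS = ["alice", "bob"]  # e.g. from a prior export or audit events (constructed)
SAMPLE_MEMBERSHIPS = [
    {"username": "bob", "scope": "group:platform", "access_level": 50},
    {"username": "bob", "scope": "project:platform/deploy", "access_level": 40},
    {"username": "bob", "scope": "project:docs", "access_level": 20},
    {"username": "carol", "scope": "group:platform", "access_level": 50},
    {"username": "alice", "scope": "group:platform", "access_level": 50},
]

if __name__ == "__main__":
    for ver in ("17.8.5", "17.8.6", "17.9.2-ee", "17.10.0", "17.10.1", "17.3.9"):
        print(f"{ver:12} affected={is_affected(ver)}")
    for f in stale_elevated_memberships(SAMPLE_USERS, SAMPLE_FORMER_ADMINS, SAMPLE_MEMBERSHIPS):
        print(f"review: {f['username']} is {f['role']} on {f['scope']}")
```

On the sample data only `bob` is reported (Owner on `group:platform`, Maintainer on `project:platform/deploy`); `carol` holds Owner but was never an admin, and `alice` is still an admin. The version check answers whether the upgrade to 17.8.6, 17.9.3 or 17.10.1 is still outstanding, while the membership review is worth running regardless of version, since that review is what the account-management controls require on any role change.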
Details
- CWE(s)