CVE-2025-7691
Published: 26 September 2025
Summary
CVE-2025-7691 is a medium-severity Privilege Defined With Unsafe Actions (CWE-267) vulnerability in GitLab. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31323
Vulnerability details
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.