{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9957", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-09-03T16:05:53.191Z", "datePublished": "2026-04-22T16:05:16.304Z", "dateUpdated": "2026-04-22T17:34:06.772Z"}, "containers": {"cna": {"title": "Incorrect Authorization in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper authorization checks."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "11.2", "status": "affected", "lessThan": "18.9.6", "versionType": "semver"}, {"version": "18.10", "status": "affected", "lessThan": "18.10.4", "versionType": "semver"}, {"version": "18.11", "status": "affected", "lessThan": "18.11.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863", "type": "CWE"}]}], "references": [{"url": "https://hackerone.com/reports/3275222", "name": "HackerOne Bug Bounty Report #3275222", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/567781"}, {"url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.9.6, 18.10.4, 18.11.1 or above."}], "credits": [{"lang": "en", "value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-22T16:05:16.304Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-22T17:33:26.222226Z", "id": "CVE-2025-9957", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:34:06.772Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9957", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-22T17:33:26.222226Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T17:33:51.237Z"}}], "cna": {"title": "Incorrect Authorization in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [theluci](https://hackerone.com/theluci) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "11.2", "lessThan": "18.9.6", "versionType": "semver"}, {"status": "affected", "version": "18.10", "lessThan": "18.10.4", "versionType": "semver"}, {"status": "affected", "version": "18.11", "lessThan": "18.11.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.9.6, 18.10.4, 18.11.1 or above."}], "references": [{"url": "https://hackerone.com/reports/3275222", "name": "HackerOne Bug Bounty Report #3275222", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/567781"}, {"url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/"}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper authorization checks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-22T16:05:16.304Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9957", "state": "PUBLISHED", "dateUpdated": "2026-04-22T17:34:06.772Z", "dateReserved": "2025-09-03T16:05:53.191Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-04-22T16:05:16.304Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper authorization checks."}], "id": "CVE-2025-9957", "lastModified": "2026-04-22T17:16:33.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2026-04-22T17:16:33.557", "references": [{"source": "cve@gitlab.com", "url": "https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released/"}, {"source": "cve@gitlab.com", "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/567781"}, {"source": "cve@gitlab.com", "url": "https://hackerone.com/reports/3275222"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.2,18.9.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[18.10,18.10.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[18.11,18.11.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "gitlab", "vendor": "gitlab"}], "analysis": {"en": {"generated_at": "2026-04-22T18:21:55.381789+00:00", "value": {"mitigation_remediation": ["Upgrade GitLab to version 18.9.6, 18.10.4, 18.11.1 or any newer release to address the authorization flaw.", "Re\u2011enable group fork prevention settings in all affected projects and groups to reinforce access control after the upgrade.", "If the upgrade cannot be applied immediately, restrict the number of project owner accounts and disable fork permissions for critical projects until the patch is applied."], "summary": {"action": "Immediate patch", "impact": "Authorization bypass"}, "threat_synthesis": {"affected_systems": "GitLab Community Edition and Enterprise Edition are affected, including every release from version 11.2 up to but not including 18.9.6, all releases before 18.10.4 within the 18.10 lineage, and all releases before 18.11.1 within the 18.11 lineage. The vulnerability is present only in CE/EE builds with the default fork protection features enabled.", "description_and_impact": "GitLab has an authorization flaw that allows an authenticated user with project owner rights to bypass group fork prevention settings. The issue stems from improper authorization checks in the fork logic and is categorized as CWE\u2011863. Consequently, a project owner can create forks in groups that are intended to be protected, potentially exposing sensitive code or data.", "risk_and_exploitability": "With a CVSS score of 2.7, the vulnerability is classified as low severity. No EPSS data is available and the bug is not listed in CISA's KEV catalog, indicating no known widespread exploitation. The attack requires an authenticated project owner to exploit the flaw, suggesting that it is not easily leveraged by unauthenticated attackers. As a result, the overall risk to organizations is low, but the potential impact on confidentiality where group fork prevention is critical should not be ignored."}}}}, "created": "2026-04-22T18:30:23.752922+00:00", "updated": "2026-04-22T19:15:24.273505+00:00", "vendors": ["gitlab", "gitlab$PRODUCT$gitlab"]}