Security Advisory

CVE-2025-10871

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-26 09:04:21

Last updated 2026-02-26 17:47:54

Assigner GitLab

State PUBLISHED

Description

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.

← Browse all CVEs View on cve.org ↗