Executive Summary

This vulnerability is a business logic error in GitLab Enterprise Edition that affects versions from 18.4 before 18.4.3 and 18.5 before 18.5.1. It allows authenticated users to gain unauthorized access to projects by exploiting the access request approval workflow, meaning users could bypass intended access controls under certain conditions. [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can impact you by allowing authenticated users with certain privileges to access projects they should not have access to, potentially leading to unauthorized viewing or modification of project data. Although the impact on confidentiality and integrity is low and there is no impact on availability, unauthorized project access can still pose security risks. [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate CVE-2025-6601, you should immediately upgrade your GitLab Enterprise Edition to version 18.4.3 or later if you are on the 18.4 series, or to version 18.5.1 or later if you are on the 18.5 series. These patch releases address the vulnerability by fixing the business logic error in the access request approval workflow. It is strongly recommended to apply these updates promptly to maintain security hygiene. [1]

Useful 0 Not Useful 0