CVE-2025-11984
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-11

Last updated on: 2025-12-11

Assigner: GitLab Inc.

Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-11
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-12-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11984
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
gitlab gitlab_ce 18.4.6
gitlab gitlab_ce 18.5
gitlab gitlab_ce 18.6
gitlab gitlab_ce 13.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in GitLab CE/EE versions before certain fixed releases allows an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.

Impact Analysis

An attacker who is an authenticated user could bypass the WebAuthn two-factor authentication, potentially gaining unauthorized access to accounts or sensitive information, leading to a high impact on confidentiality and integrity.

Mitigation Strategies

To mitigate this vulnerability, immediately update GitLab CE/EE to a fixed version: 18.4.6 or later for 18.4.x, 18.5.4 or later for 18.5.x, and 18.6.2 or later for 18.6.x. Ensure that all users re-authenticate and monitor for any suspicious session activity related to WebAuthn two-factor authentication bypass attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11984. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart