CVE-2025-5315 – GitLab Guest Role Bypass API Vulnerability (Authentication Bypass)

June 26, 2025

CVE ID : CVE-2025-5315

Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3279 – GitLab GraphQL Denial of Service Vulnerability

Next Article CVE-2025-48497 – Iroha Board CSRF

Highlights

CVE-2025-34031 – Moodle LMS Jmol Plugin Path Traversal Vulnerability

June 23, 2025

CVE ID : CVE-2025-34031

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server’s filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-5315 – GitLab Guest Role Bypass API Vulnerability (Authentication Bypass)

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Lower Cloud Bills, Faster MTTR, Stronger Security: One Platform for Node.js

StarRocks is a high-performance analytical database

T-Mobile is giving loyal users a free line right now – how to see if you qualify

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails

CVE-2025-34031 – Moodle LMS Jmol Plugin Path Traversal Vulnerability

My search for the ultimate multitool for under $30 is finally over

CVE-2025-30929 – Amazon Web Services (AWS) fluXtore Authorization Bypass

CVE-2025-3521 – “WordPress Team Members Stored Cross-Site Scripting”

CVE-2025-5315 – GitLab Guest Role Bypass API Vulnerability (Authentication Bypass)

Related Posts