CVE-2025-12697

low-risk

Published 2026-03-11

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.2/10 Low

NETWORK / HIGH complexity

Affected Products (2)

Gitlab

Affected Vendors

Gitlab

References (3)

Release Notes https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-release...

Broken Link https://gitlab.com/gitlab-org/gitlab/-/work_items/579504

Permissions Required https://hackerone.com/reports/3341953

/ 100

low-risk

Severity 9/34 · Low

Exploitability 0/34 · Minimal

Exposure 7/34 · Low