CVE-2025-0679 is a medium-severity vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE) versions from 17.1 up to but not including 17.10.7, 17.11 up to but not including 17.11.3, and 18.0 up to but not including 18.0.1. The vulnerability is classified under CWE-359, which pertains to the exposure of private personal information to unauthorized actors. Specifically, under certain conditions, unauthorized users can view full email addresses that should have been partially obscured by the system. This issue arises due to improper handling of email address masking within the GitLab interface or API, allowing attackers with limited privileges (requiring some level of authentication but no user interaction) to access sensitive personal information that should remain confidential. The CVSS 3.1 base score is 4.3, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This means the attack can be performed remotely over the network with low attack complexity, requires low privileges (authenticated user), no user interaction, and impacts confidentiality only, without affecting integrity or availability. No known exploits are currently in the wild, and no patches are linked in the provided data, but GitLab has presumably addressed this in versions 17.10.7, 17.11.3, and 18.0.1 and later. The vulnerability could allow attackers to harvest full email addresses of users, which can be leveraged for targeted phishing, social engineering, or further reconnaissance within organizations using GitLab for source code management and DevOps workflows.

For European organizations, this vulnerability poses a privacy and data protection risk, especially under the stringent requirements of the GDPR, which mandates the protection of personal identifiable information (PII) such as email addresses. Unauthorized disclosure of full email addresses can lead to increased phishing attacks, spear-phishing campaigns, and social engineering attempts targeting employees or contractors. This can result in compromised credentials, unauthorized access to internal systems, and potential data breaches. While the vulnerability does not directly impact system integrity or availability, the exposure of personal data can damage organizational reputation, lead to regulatory fines, and increase the attack surface for subsequent intrusions. Organizations heavily reliant on GitLab for internal development, particularly those with large user bases or sensitive projects, are at higher risk. The fact that exploitation requires low-level authentication means that any compromised or insider accounts could be used to exploit this vulnerability, increasing the threat vector within organizations.

European organizations should immediately verify their GitLab versions and upgrade to the fixed releases 17.10.7, 17.11.3, or 18.0.1 or later to remediate this vulnerability. Until patching is complete, organizations should restrict access to GitLab instances to trusted users only and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of unauthorized access. Review and tighten user permissions to ensure minimal privilege principles are enforced, limiting the number of users who can authenticate and potentially exploit this issue. Additionally, monitor GitLab access logs for unusual access patterns or attempts to enumerate user information. Consider implementing network segmentation and access controls to isolate GitLab servers from broader corporate networks. Finally, educate users about phishing risks and encourage vigilance against suspicious emails, as exposed email addresses can be used in targeted attacks.