CVE-2025-11984 | GitLab Community Edition/Enterprise Edition up to 18.4.5/18.5.3/18.6.1 WebAuthn Two-Factor Authentication authentication bypass (Issue 577847)

A vulnerability, which was classified as critical, was found in GitLab Community Edition and Enterprise Edition up to 18.4.5/18.5.3/18.6.1. This impacts an unknown function of the component WebAuthn Two-Factor Authentication. Executing manipulation can lead to authentication bypass using alternate channel.

This vulnerability is handled as CVE-2025-11984. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More