This page aggregates publicly disclosed CVE and security risk information related to gatling, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-51308 | In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks. | [email protected] | 5.3 | 0.26% | 2025-08-06 | 2025-10-09 |
| CVE-2025-51306 | In Gatling Enterprise versions below 1.25.0, a user logging out can still use his session token to continue using the application without expiration, due to incorrect session management. | [email protected] | 6.5 | 0.29% | 2025-08-06 | 2025-10-09 |