Impact
This is an improper authorization flaw in Gerrit's 'submitted together' feature. An attacker who can force-push to a secondary branch can use it to bypass code review and submit changes to restricted branches. By giving a change the same topic as an unapproved change, the attacker causes Gerrit to treat the new change as part of the group that is submitted together, so the review and branch-protection requirements that should apply to that change on its own are never enforced. The result is code landing on protected branches without the intended peer-review safeguards, which compromises code integrity and can lead to unauthorized deployment of malicious or erroneous code.
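The authorization gap described above, as a simplified model added here for illustration (this is not Gerrit's code, and the class and function names are hypothetical). `approved` stands in for whatever submit rules a branch requires, such as Code-Review+2 and Verified+1. `submit_flawed()` authorizes only the change the user clicked Submit on and then lands the whole topic group; `submit_hardened()` requires every change in the group to pass its own rule on its own branch, which is the property a "submit whole topic" implementation must preserve.

```python
"""Simplified model of topic-based "submitted together" grouping.

Added illustration, not Gerrit's code: a hypothetical change store where
`approved` stands in for the submit rules a branch requires.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Change:
    number: int
    branch: str
    topic: Optional[str]
    approved: bool


@dataclass
class Repo:
    submit_whole_topic: bool
    changes: Dict[int, Change] = field(default_factory=dict)

    def submitted_together(self, number: int) -> List[Change]:
        """Changes that land together with `number` when whole-topic submit is on."""
        root = self.changes[number]
        if not self.submit_whole_topic or not root.topic:
            return [root]
        group = [c for c in self.changes.values() if c.topic == root.topic]
        return sorted(group, key=lambda c: c.number)

    def submit_flawed(self, number: int) -> List[int]:
        """Checks the clicked change only, then submits the whole group."""
        if not self.changes[number].approved:
            raise PermissionError(f"change {number} is not approved")
        return [c.number for c in self.submitted_together(number)]

    def submit_hardened(self, number: int) -> List[int]:
        """Refuses the whole group if any member fails its own branch's rule."""
        group = self.submitted_together(number)
        blocked = [c.number for c in group if not c.approved]
        if blocked:
            raise PermissionError(f"group refused; unapproved changes: {blocked}")
        return [c.number for c in group]


def build_scenario() -> Repo:
    # Constructed sample: change 1 is the attacker's unreviewed change targeting
    # the protected branch; change 2 sits on a secondary branch the attacker
    # controls (so it satisfies that branch's rule) and carries the same topic.
    repo = Repo(submit_whole_topic=True)
    repo.changes[1] = Change(1, "refs/heads/master", "feature-x", approved=False)
    repo.changes[2] = Change(2, "refs/heads/scratch", "feature-x", approved=True)
    return repo


def run_scenario() -> Dict[str, object]:
    """Submit change 2 through both paths, then again with whole-topic off."""
    repo = build_scenario()
    result: Dict[str, object] = {"flawed": repo.submit_flawed(2)}
    try:
        repo.submit_hardened(2)
        result["hardened"] = "submitted"
    except PermissionError as exc:
        result["hardened"] = f"refused: {exc}"
    repo.submit_whole_topic = False
    result["flawed_topic_off"] = repo.submit_flawed(2)
    return result


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

With whole-topic submission on, the flawed path lands change 1 on the protected branch even though nobody approved it; the hardened path refuses the entire group, and with whole-topic submission off the grouping never happens at all.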
Affected Systems
This issue affects Gerrit 2.12 and later. The flaw is in the 'submitted together' functionality and applies to every Gerrit distribution that enables it; it is exploitable on any project where an authenticated user holds force-push rights on a secondary branch.
Risk and Exploitability
The CVSS score of 6.0 indicates moderate severity. The EPSS score of 0.00035 indicates a very low probability of exploitation in the wild, although an exploit is documented. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated user who already holds force-push privilege on a secondary branch, and the 'submitted together' settings must be configured so that changes sharing a topic are grouped; an attacker therefore needs existing access rather than a remote foothold. Because the attack is limited to users who already hold those rights, the potential for widespread compromise is moderate, but it remains significant for organizations that grant force-push liberally.
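A quick audit of the two preconditions named in this section and in Affected Systems, as an added example that is not part of the page or of Gerrit's own tooling. It reads the git-config style files Gerrit uses: `change.submitWholeTopic` in `etc/gerrit.config`, and `push = +force group ...` rules in a project's `project.config` (the `refs/meta/config` branch). The file contents below are constructed for the demonstration, and the function names are this example's own.

```python
"""Audit whether whole-topic submission is on and who can force-push where.

Added example, not Gerrit tooling. Sample config texts are constructed.
"""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r'^\[([\w.-]+)(?:\s+"([^"]*)")?\]$')
# Access rule value, e.g. "+force group Release Engineers" or "deny group Foo".
RULE_RE = re.compile(r"^(?P<flags>(?:(?:\+force|deny|block)\s+)*)group\s+(?P<group>.+)$")

Entry = Tuple[str, str, str, str]  # (section, subsection, key, value)

GERRIT_CONFIG = """\
[gerrit]
    basePath = git
[change]
    submitWholeTopic = true
"""

PROJECT_CONFIG = """\
[access "refs/heads/*"]
    read = group Anonymous Users
    push = +force group Release Engineers
    submit = group Project Owners
[access "refs/heads/master"]
    push = group Developers
[access "refs/for/refs/*"]
    push = group Registered Users
"""


def parse_git_config(text: str) -> List[Entry]:
    """Minimal git-config reader: keeps repeated keys, strips comments."""
    entries: List[Entry] = []
    section, subsection = "", ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, subsection = m.group(1).lower(), m.group(2) or ""
            continue
        key, _, value = line.partition("=")
        entries.append((section, subsection, key.strip().lower(), value.strip()))
    return entries


def submit_whole_topic_enabled(gerrit_config: str) -> bool:
    """gerrit.config [change] submitWholeTopic; Gerrit's default is false."""
    for sec, _, key, val in parse_git_config(gerrit_config):
        if sec == "change" and key == "submitwholetopic":
            return val.lower() in ("true", "yes", "on", "1")
    return False


def force_push_grants(project_config: str) -> List[Tuple[str, str]]:
    """(ref pattern, group) pairs holding Push with the force option."""
    grants: List[Tuple[str, str]] = []
    for sec, ref, key, val in parse_git_config(project_config):
        if sec != "access" or key != "push":
            continue
        m = RULE_RE.match(val)
        if not m:
            continue
        flags = m.group("flags").split()
        if "+force" in flags and "deny" not in flags and "block" not in flags:
            grants.append((ref, m.group("group")))
    return grants


def audit(gerrit_config: str, project_config: str) -> Dict[str, object]:
    """Both advisory preconditions at once means the project is exposed."""
    whole_topic = submit_whole_topic_enabled(gerrit_config)
    grants = force_push_grants(project_config)
    return {
        "submit_whole_topic": whole_topic,
        "force_push_grants": grants,
        "at_risk": whole_topic and bool(grants),
    }


if __name__ == "__main__":
    print(audit(GERRIT_CONFIG, PROJECT_CONFIG))
```

Run it against every project's `project.config`, not just the one you suspect: access rules inherit from parent projects (ultimately `All-Projects`), so a force-push grant at the parent applies to children that never mention it, and `force_push_grants()` as written only sees the file it is given.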
OpenCVE Enrichment