The company strongly recommends immediate upgrades for all self-managed installations, while GitLab.com is already running the patched versions.
The patch release addresses six significant security vulnerabilities, with two classified as high-severity cross-site scripting (XSS) issues.
The most critical vulnerability, CVE-2025-4700, impacts the Kubernetes proxy feature and could allow attackers to trigger unintended content rendering, leading to XSS attacks.
This vulnerability affects all versions from 15.10 up to, but not including, the patched releases, and carries a CVSS score of 8.7.
A second high-severity vulnerability, CVE-2025-4439, affects installations using content delivery networks (CDNs) and could enable authenticated users to perform cross-site scripting attacks.
This issue has a CVSS score of 7.7 and impacts the same version range as the primary XSS vulnerability.
Four medium-severity vulnerabilities were also patched, primarily involving improper access control and exposure of sensitive information.
CVE-2025-7001 covers unauthorized access to resource group information through the API, while CVE-2025-4976 affects only GitLab Enterprise Edition, where it could expose internal notes in GitLab Duo responses.
The remaining medium-severity fixes cover CVE-2025-0765, which allowed unauthorized access to custom service desk email addresses, and CVE-2025-1299, which allowed unauthorized access to deployment job logs through crafted requests.
Beyond security patches, the releases include numerous bug fixes across all three versions.
Notable improvements in version 18.2.1 include fixes for S3 compatibility in Workhorse uploads for non-AWS providers and enhancements to the Agentic Chat feature.
Version 18.1.3 addresses Elasticsearch configuration issues and branch loading problems in group merge request lists, while version 18.0.5 focuses on search functionality improvements and container registry updates.
GitLab emphasizes that all affected installations should upgrade immediately to maintain security hygiene.
The company follows a twice-monthly scheduled release pattern, on the second and fourth Wednesdays, though critical vulnerabilities may trigger ad-hoc releases.
Security vulnerability details will be made public on GitLab’s issue tracker 30 days after the patch release, following standard disclosure practices.
GitLab Dedicated customers do not need to take action as updates are managed automatically, while self-managed users should consult the official update documentation for their specific deployment type.
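A self-managed administrator's first question is whether the instance they run is already on one of the three patched releases. The following script is an added example, not code from the article or from GitLab; it compares a version string against the patched releases named above (18.2.1, 18.1.3, 18.0.5) and the 15.10 start of the affected range. It assumes that GitLab's `GET /api/v4/version` endpoint (which returns a JSON object with a `version` field and requires an authenticated token) is the source of the string, and that releases newer than 18.2.1 carry the fixes forward; the sample API response is constructed.

```python
"""Decide whether a self-managed GitLab instance is below the patched
releases 18.2.1 / 18.1.3 / 18.0.5 from the advisory summarised above."""
import json
import re
from typing import Optional, Tuple

# Patched releases named in the advisory, keyed by (major, minor) branch.
PATCHED = {
    (18, 2): (18, 2, 1),
    (18, 1): (18, 1, 3),
    (18, 0): (18, 0, 5),
}
# Earliest release in the affected range for the two high-severity XSS issues.
FIRST_AFFECTED = (15, 10, 0)

# Constructed stand-in for a GET /api/v4/version response (not real data).
SAMPLE_RESPONSE = '{"version": "18.1.2-ee", "revision": "constructed"}'


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '18.2.0-ee' or '18.1.3' into a comparable (major, minor, patch) tuple.

    Edition suffixes such as '-ee' and any build metadata are ignored.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def needs_upgrade(version: str) -> Optional[str]:
    """Return a short reason if the instance should be upgraded, else None."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return None  # predates the affected range described in the advisory
    branch = v[:2]
    if branch in PATCHED:
        if v >= PATCHED[branch]:
            return None  # already on or above the patched release for this branch
        fixed = ".".join(map(str, PATCHED[branch]))
        return f"{version} is on a patched branch but below {fixed}"
    newest = max(PATCHED.values())
    if v > newest:
        return None  # assumption: later releases carry these fixes forward
    # 15.10 through 17.x received no backport; move to a patched 18.x release.
    return f"{version} is on an unpatched branch; upgrade to 18.0.5, 18.1.3 or 18.2.1"


def check_version_response(body: str) -> Optional[str]:
    """Evaluate the JSON body returned by GET /api/v4/version."""
    return needs_upgrade(json.loads(body)["version"])


if __name__ == "__main__":
    verdict = check_version_response(SAMPLE_RESPONSE)
    print("up to date" if verdict is None else f"UPGRADE: {verdict}")
```

In practice the body passed to `check_version_response` would come from `curl -H "PRIVATE-TOKEN: <token>" https://<your-gitlab>/api/v4/version`; the comparison deliberately treats 15.10 through 17.x as needing a move to one of the three patched 18.x releases, since the advisory names no backports for older branches.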
The post GitLab Releases Security Patch for Multiple Vulnerabilities appeared first on Cyber Security News.