The company strongly recommends immediate upgrades for all self-managed installations, while GitLab.com is already running the patched versions.
The patch release addresses six significant security vulnerabilities, with two classified as high-severity cross-site scripting (XSS) issues.
The most critical vulnerability, CVE-2025-4700, impacts the Kubernetes proxy feature and could allow attackers to trigger unintended content rendering, leading to XSS attacks.
This vulnerability affects all versions from 15.10 before the current patches and carries a CVSS score of 8.7.
A second high-severity vulnerability, CVE-2025-4439, affects installations using content delivery networks (CDNs) and could enable authenticated users to perform cross-site scripting attacks.
This issue has a CVSS score of 7.7 and impacts the same version range as the primary XSS vulnerability.
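As an added example (not from the advisory and not GitLab's own tooling), a small checker that tells an administrator whether a self-managed instance's version string falls inside the affected range stated above (15.10 up to, but not including, the patched releases 18.2.1, 18.1.3 and 18.0.5). It assumes that minor lines newer than 18.2 already carry the fix.

```python
from typing import Tuple

# Patched releases named in the advisory, keyed by minor line (major, minor).
# A version at or above the patched release on the same line is fixed.
PATCHED = {(18, 2): (18, 2, 1), (18, 1): (18, 1, 3), (18, 0): (18, 0, 5)}
# The advisory says the XSS issues affect all versions from 15.10 onward.
FIRST_AFFECTED = (15, 10, 0)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '18.1.2', 'v18.1.2' or '18.1.2-ee' into a (major, minor, patch) tuple.

    Edition suffixes such as '-ee' are dropped; missing components are taken as 0.
    """
    core = text.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_affected(text: str) -> bool:
    """Return True if the given GitLab version still needs the patch release."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False  # older than 15.10: outside the advisory's stated range
    line = (v[0], v[1])
    if line in PATCHED:
        return v < PATCHED[line]  # compare against the fix on the same minor line
    # Assumption: minor lines newer than the newest patched line (18.2) contain
    # the fix; everything between 15.10 and 18.0 is affected and has no patch of
    # its own, so those instances must move to a patched line.
    return v < max(PATCHED.values())


if __name__ == "__main__":
    for sample in ("17.11.0", "18.0.4-ee", "18.1.3", "18.2.0", "18.3.0"):
        print(sample, "affected" if is_affected(sample) else "patched")
```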
Four medium-severity vulnerabilities were also patched, primarily involving improper access control and exposure of sensitive information.
CVE-2025-7001 addressed unauthorized access to resource group information through the API, while CVE-2025-4976 specifically impacts GitLab Enterprise Edition by potentially exposing internal notes in GitLab Duo responses.
Additional medium-severity fixes include CVE-2025-0765, which prevented unauthorized access to custom service desk email addresses, and CVE-2025-1299, addressing unauthorized access to deployment job logs through crafted requests.
Beyond security patches, the releases include numerous bug fixes across all three versions.
Notable improvements in version 18.2.1 include fixes for S3 compatibility in Workhorse uploads for non-AWS providers and enhancements to the Agentic Chat feature.
Version 18.1.3 addresses Elasticsearch configuration issues and branch loading problems in group merge request lists, while version 18.0.5 focuses on search functionality improvements and container registry updates.
GitLab emphasizes that all affected installations should upgrade immediately to maintain security hygiene.
The company follows a twice-monthly scheduled release pattern on the second and fourth Wednesdays, though critical vulnerabilities may trigger ad-hoc releases.
Security vulnerability details will be made public on GitLab’s issue tracker 30 days after the patch release, following standard disclosure practices.
GitLab Dedicated customers do not need to take action as updates are managed automatically, while self-managed users should consult the official update documentation for their specific deployment type.
The post GitLab Releases Security Patch for Multiple Vulnerabilities appeared first on Cyber Security News.