The patches were released on August 13, 2025, affecting GitLab Community Edition (CE) and Enterprise Edition (EE) across versions 18.2.2, 18.1.4, and 18.0.6.
Key Takeaways
1. GitLab patched three high-severity flaws.
2. Update immediately to versions 18.0.6, 18.1.4, or 18.2.2 to prevent exploitation.
3. Affects all GitLab editions with some vulnerabilities dating back to version 14.2.
Three high-severity XSS vulnerabilities with CVSS scores of 8.7 pose significant threats to GitLab users.
CVE-2025-6186 represents the most critical flaw, allowing authenticated users to achieve account takeover by injecting malicious HTML content into work item names. This vulnerability affects GitLab CE/EE versions from 18.1 before 18.1.4 and 18.2 before 18.2.2.
CVE-2025-7734 impacts the blob viewer component, enabling attackers to execute actions on behalf of users by injecting malicious content under certain conditions.
This vulnerability affects all versions from 14.2 before the patched releases. CVE-2025-7739 specifically targets scoped label descriptions, allowing authenticated users to achieve stored XSS by injecting malicious HTML content. This flaw affects only GitLab version 18.2 before 18.2.2.
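The affected ranges above can be turned into a quick triage check for a self-managed instance. This is an added example, not code from the advisory or from GitLab; it assumes releases newer than 18.2.2 already carry the fixes and ignores edition suffixes such as `-ee`.

```python
# Added example (not from the advisory): map a self-managed GitLab version to
# the XSS CVEs whose affected ranges this article states.
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    """'18.1.3-ee' -> (18, 1, 3); edition suffixes such as '-ee' are dropped."""
    core = s.strip().split("-")[0]
    return tuple(int(part) for part in core.split("."))

# The three patched releases named in the article, one per 18.x line.
PATCHED: List[Version] = [(18, 0, 6), (18, 1, 4), (18, 2, 2)]

# Series-bounded ranges from the article: (affected x.y line, first fixed release).
SERIES_BOUNDED: Dict[str, List[Tuple[Version, Version]]] = {
    "CVE-2025-6186": [((18, 1), (18, 1, 4)), ((18, 2), (18, 2, 2))],
    "CVE-2025-7739": [((18, 2), (18, 2, 2))],
}

def fixed_release_for(v: Version) -> Optional[Version]:
    """Patched release of v's own 18.x line, or None if v is not on 18.0-18.2."""
    for fixed in PATCHED:
        if v[:2] == fixed[:2]:
            return fixed
    return None

def vulnerable_cves(version: str) -> List[str]:
    """Return the XSS CVEs from the article that apply to the given version."""
    v = parse_version(version)
    hits: List[str] = []
    # CVE-2025-7734: every release from 14.2 up to (not including) the patched
    # release of its line; older lines (e.g. 17.x) sit below all three patches.
    # Assumption: releases newer than 18.2.2 (e.g. 18.3.x) carry the fix.
    if v >= (14, 2):
        fixed = fixed_release_for(v)
        if v < (fixed if fixed is not None else PATCHED[0]):
            hits.append("CVE-2025-7734")
    for cve, ranges in SERIES_BOUNDED.items():
        if any(v[:2] == series and v < fixed for series, fixed in ranges):
            hits.append(cve)
    return hits

if __name__ == "__main__":
    for sample in ("17.11.2", "18.0.5", "18.1.3-ee", "18.2.1", "18.2.2"):
        print(sample, vulnerable_cves(sample) or "not affected by the XSS CVEs")
```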
The CVSS vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N indicates these vulnerabilities can be exploited over networks with low attack complexity, requiring only low privileges and user interaction.
CVE-2025-8094 addresses an improper handling of permissions issue in the project API, with a CVSS score of 7.7.
This vulnerability could allow authenticated users with maintainer privileges to cause denial of service to other users’ CI/CD pipelines by manipulating shared infrastructure resources beyond their intended access level.
Several medium-severity vulnerabilities compound the security risks, including CVE-2024-12303, an incorrect privilege assignment in the delete issues operation, and CVE-2024-10219, an incorrect authorization flaw in the jobs API that could allow bypassing access controls to download private artifacts.
| CVE | Title | CVSS 3.1 Score | Severity |
|---|---|---|---|
| CVE-2025-7734 | Cross-site scripting issue in blob viewer impacts GitLab CE/EE | 8.7 | High |
| CVE-2025-7739 | Cross-site scripting issue in labels impacts GitLab CE/EE | 8.7 | High |
| CVE-2025-6186 | Cross-site scripting issue in Workitem impacts GitLab CE/EE | 8.7 | High |
| CVE-2025-8094 | Improper Handling of Permissions issue in project API impacts GitLab CE/EE | 7.7 | High |
| CVE-2024-12303 | Incorrect Privilege Assignment issue in delete issues operation impacts GitLab CE/EE | 6.7 | Medium |
| CVE-2025-2614 | Allocation of Resources Without Limits issue in release name creation impacts GitLab CE/EE | 6.5 | Medium |
| CVE-2024-10219 | Incorrect Authorization issue in jobs API impacts GitLab CE/EE | 6.5 | Medium |
| CVE-2025-8770 | Authorization issue in Merge request approval policy impacts GitLab EE | 6.5 | Medium |
| CVE-2025-2937 | Inefficient Regular Expression Complexity issue in wiki impacts GitLab CE/EE | 6.5 | Medium |
| CVE-2025-1477 | Allocation of Resources Without Limits issue in Mattermost integration impacts GitLab CE/EE | 6.5 | Medium |
| CVE-2025-5819 | Incorrect Permission Assignment issue in ID token impacts GitLab CE/EE | 5.0 | Medium |
| CVE-2025-2498 | Insufficient Access Control issue in IP Restriction impacts GitLab EE | 3.1 | Low |
GitLab strongly recommends immediate upgrades to the latest patched versions for all self-managed installations.
The vulnerabilities were discovered through GitLab’s HackerOne bug bounty program by security researchers, including joaxcar, yvvdwf, abdelrahman_maged, and others.
GitLab.com instances are already running patched versions, while GitLab Dedicated customers require no action.
The patches include both regular migrations and post-deploy migrations that may impact upgrade processes, particularly for single-node instances, which will experience downtime during upgrades.
Organizations should prioritize these updates as the combination of account takeover capabilities and XSS exploitation vectors presents significant security risks to development workflows and sensitive code repositories.
The post Multiple GitLab Vulnerabilities Enables Account Takeover and Stored XSS Exploitation appeared first on Cyber Security News.