The company is urging all self-managed installations to upgrade immediately to versions 18.5.2, 18.4.4, or 18.3.6.
The most alarming vulnerability is CVE-2025-6945, a prompt injection flaw in GitLab Duo’s review feature that allows authenticated users to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments.
This attack demonstrates how AI-powered features can become significant security risks when input validation fails.
| CVE ID | Vulnerability Title | Severity | CVSS Score |
|---|---|---|---|
| CVE-2025-11224 | Cross-site scripting in k8s proxy | High | 7.7 |
| CVE-2025-11865 | Incorrect authorization in workflows | Medium | 6.5 |
| CVE-2025-2615 | Information disclosure in GraphQL subscriptions | Medium | 4.3 |
| CVE-2025-7000 | Information disclosure in access control | Medium | 4.3 |
| CVE-2025-6945 | Prompt injection in GitLab Duo review | Low | 3.5 |
| CVE-2025-6171 | Information disclosure in packages API | Low | 3.1 |
| CVE-2025-11990 | Client-side path traversal in branch names | Low | 3.1 |
| CVE-2025-7736 | Improper access control in GitLab Pages | Low | 3.1 |
| CVE-2025-12983 | Denial of service in markdown | Low | 3.1 |
The patch batch also includes a high-severity cross-site scripting vulnerability (CVE-2025-11224) in the Kubernetes proxy functionality, which could allow authenticated users to execute stored XSS attacks due to improper input validation.
This affects GitLab versions back to 15.10, creating a significant exposure window for organizations running older instances.
GitLab also addressed two medium-severity information disclosure issues that could grant unauthorized access to sensitive data.
CVE-2025-2615 allows blocked users to access confidential information through GraphQL WebSocket subscriptions, while CVE-2025-7000 permits unauthorized users to view confidential branch names by accessing project issues with related merge requests.
These flaws highlight critical gaps in GitLab’s access control mechanisms.
Enterprise Edition users should pay attention to CVE-2025-11865, a medium-severity authorization bypass allowing users to remove another user’s Duo workflows.
The remaining vulnerabilities include CVE-2025-6171, which enables authenticated reporters to view restricted branch names through the packages API, and CVE-2025-7736, which allows access to GitLab Pages content through OAuth provider authentication.
GitLab recommends immediate action for all affected installations. GitLab.com users are already running patched versions, and Dedicated customers require no action.
Security researchers participating in HackerOne’s bug bounty program reported most vulnerabilities, demonstrating the value of coordinated disclosure. The company also updated libxslt to version 1.1.43, patching additional security issues.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
The post Multiple GitLab Vulnerabilities Allow Malicious Prompt Injection and Data Theft appeared first on Cyber Security News.
A new macOS malware called notnullOSX has surfaced in early 2026, specifically built to steal…
A new macOS malware called notnullOSX has surfaced in early 2026, specifically built to steal…
A new malware campaign is tricking traders into downloading a data-stealing tool by impersonating the…
A new malware campaign is tricking traders into downloading a data-stealing tool by impersonating the…
A nation-state-linked hacking group has found a clever way to hide its malicious activity inside…
Upper Merion Township in the Philadelphia suburbs is no stranger to development. During the holiday…
This website uses cookies.