Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data

GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition.

The company released versions 18.5.2, 18.4.4, and 18.3.6 to fix critical security issues that could allow attackers to compromise sensitive information and bypass access controls.

The most concerning vulnerability involves prompt injection attacks in GitLab Duo’s review feature. Attackers can inject hidden malicious prompts directly into merge request comments.

These hidden instructions trick the AI system into leaking sensitive information from confidential issues. This vulnerability affects GitLab Enterprise Edition versions 17.9 and later, potentially exposing classified project data to unauthorized users.

Beyond prompt injection, GitLab patched nine additional vulnerabilities ranging from high to low severity.

CVE ID	Vulnerability Title	Type	Severity	CVSS Score
CVE-2025-11224	Cross-site scripting issue in k8s proxy	XSS	High	7.7
CVE-2025-11865	Incorrect Authorization issue in workflows	Authorization Bypass	Medium	6.5
CVE-2025-2615	Information Disclosure issue in GraphQL subscriptions	Information Disclosure	Medium	4.3
CVE-2025-7000	Information Disclosure issue in access control	Information Disclosure	Medium	4.3
CVE-2025-6945	Prompt Injection issue in GitLab Duo review	Prompt Injection	Low	3.5
CVE-2025-6171	Information Disclosure issue in packages API endpoint	Information Disclosure	Low	3.1
CVE-2025-11990	Client Side Path Traversal issue in branch names	Path Traversal	Low	3.1
CVE-2025-7736	Improper Access Control issue in GitLab Pages	Access Control	Low	3.1
CVE-2025-12983	Denial of service issue in markdown	Denial of Service	Low	3.1

A cross-site scripting (XSS) vulnerability in the Kubernetes proxy allows authenticated users to execute malicious scripts, affecting versions 15.10 and later.

An authorization bypass in workflows lets users remove AI flows belonging to other users, compromising workflow integrity. Information disclosure vulnerabilities also pose serious risks.

Attackers can access sensitive data through multiple vectors: blocked users establishing GraphQL subscriptions, unauthorized viewing of branch names through access control weaknesses, and information leakage via the packages API endpoint, even when repository access is disabled.

Additional vulnerabilities include path-traversal issues affecting branch names, improper access control in GitLab Pages that allows OAuth authentication bypasses, and denial-of-service attacks via specially crafted Markdown content.

GitLab strongly recommends upgrading to the patched versions immediately. The company has already updated GitLab.com, and GitLab Dedicated customers require no action.

Self-managed installations must prioritize immediate upgrades, as these vulnerabilities directly affect customer data security. The patches include database migrations that may affect upgrade processes.

Single-node instances will experience downtime during updates, while multi-node installations can implement zero-downtime upgrades using proper procedures.

GitLab researchers discovered most vulnerabilities through the HackerOne bug bounty program. The company commits to releasing security details 30 days after each patch on its public issue tracker.

All affected organizations should review their current GitLab versions and deploy patches without delay to protect against these escalating security threats.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data appeared first on Cyber Security News.