GitLab has launched pressing safety patches addressing a number of vulnerabilities affecting each the Group Version and the Enterprise Version.
The corporate launched variations 18.5.2, 18.4.4, and 18.3.6 to repair vital safety points that would enable attackers to compromise delicate info and bypass entry controls.
Essentially the most regarding vulnerability entails immediate injection assaults in GitLab Duo’s evaluate function. Attackers can inject hidden malicious prompts immediately into merge request feedback.
These hidden directions trick the AI system into leaking delicate info from confidential points. This vulnerability impacts GitLab Enterprise Version variations 17.9 and later, doubtlessly exposing categorised challenge knowledge to unauthorized customers.
Past immediate injection, GitLab patched 9 extra vulnerabilities starting from excessive to low severity.
CVE IDVulnerability TitleTypeSeverityCVSS ScoreCVE-2025-11224Cross-site scripting situation in k8s proxyXSSHigh7.7CVE-2025-11865Incorrect Authorization situation in workflowsAuthorization BypassMedium6.5CVE-2025-2615Information Disclosure situation in GraphQL subscriptionsInformation DisclosureMedium4.3CVE-2025-7000Information Disclosure situation in entry controlInformation DisclosureMedium4.3CVE-2025-6945Prompt Injection situation in GitLab Duo reviewPrompt InjectionLow3.5CVE-2025-6171Information Disclosure situation in packages API endpointInformation DisclosureLow3.1CVE-2025-11990Client Facet Path Traversal situation in department namesPath TraversalLow3.1CVE-2025-7736Improper Entry Management situation in GitLab PagesAccess ControlLow3.1CVE-2025-12983Denial of service situation in markdownDenial of ServiceLow3.1
A cross-site scripting (XSS) vulnerability within the Kubernetes proxy permits authenticated customers to execute malicious scripts, affecting variations 15.10 and later.
An authorization bypass in workflows lets customers take away AI flows belonging to different customers, compromising workflow integrity. Info disclosure vulnerabilities additionally pose critical dangers.
Attackers can entry delicate knowledge by means of a number of vectors: blocked customers establishing GraphQL subscriptions, unauthorized viewing of department names by means of entry management weaknesses, and data leakage through the packages API endpoint, even when repository entry is disabled.
Extra vulnerabilities embrace path-traversal points affecting department names, improper entry management in GitLab Pages that enables OAuth authentication bypasses, and denial-of-service assaults through specifically crafted Markdown content material.
GitLab strongly recommends upgrading to the patched variations instantly. The corporate has already up to date GitLab.com, and GitLab Devoted clients require no motion.
Self-managed installations should prioritize quick upgrades, as these vulnerabilities immediately have an effect on buyer knowledge safety. The patches embrace database migrations which will have an effect on improve processes.
Single-node situations will expertise downtime throughout updates, whereas multi-node installations can implement zero-downtime upgrades utilizing correct procedures.
GitLab researchers found most vulnerabilities by means of the HackerOne bug bounty program. The corporate commits to releasing safety particulars 30 days after every patch on its public situation tracker.
All affected organizations ought to evaluate their present GitLab variations and deploy patches directly to guard towards these escalating safety threats.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
