GitLab Product Security Update Advisory (CVE-2025-0376)
Overview
We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-0376
GitLab Community Edition (CE) version: up to 17.8.2 (exclusive)
GitLab Community Edition (CE) version: up to 17.7.4 (exclusive)
GitLab Community Edition (CE) version: up to 17.6.5 (exclusive)
GitLab Enterprise Edition (EE) version: up to 17.8.2 (exclusive)
GitLab Enterprise Edition (EE) version: up to 17.7.4 (exclusive)
GitLab Enterprise Edition (EE) version: up to 17.6.5 (exclusive)
Resolved Vulnerabilities
Cross-site scripting vulnerability that could allow unauthorized actions to be taken via the changes page (CVE-2025-0376)
Vulnerability Patches
Patches for the vulnerability are available in the latest updates. Follow the instructions on the referenced site [1] to update to the latest patched version.
CVE-2025-0376
GitLab Community Edition (CE) version: 17.8.2
GitLab Community Edition (CE) version: 17.7.4
GitLab Community Edition (CE) version: 17.6.5
GitLab Enterprise Edition (EE) version: 17.8.2
GitLab Enterprise Edition (EE) version: 17.7.4
GitLab Enterprise Edition (EE) version: 17.6.5
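The affected and patched version lists above can be turned into a per-release-line check. The following is an added example, not code from GitLab or from this advisory; the inventory host names and versions are constructed, and treating release lines newer than 17.8 as unaffected is an assumption based on the listed ranges.

```python
import re

# Fixed releases from the advisory, keyed by (major, minor) release line.
FIXED = {(17, 6): 5, (17, 7): 4, (17, 8): 2}

def parse_version(text):
    """Parse '17.7.3', 'v17.7.3-ee' or '17.7.3-ce.0' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(text):
    """Return (affected, upgrade_target) for CVE-2025-0376 per the advisory's lists."""
    major, minor, patch = parse_version(text)
    line = (major, minor)
    if line in FIXED:
        # Compare within the release line: 17.6.6 is patched even though it
        # sorts below 17.7.4 and 17.8.2.
        if patch >= FIXED[line]:
            return (False, None)
        return (True, f"{major}.{minor}.{FIXED[line]}")
    if line < min(FIXED):
        # Older than every listed line: falls in the "up to 17.6.5" range.
        # 17.6.5 is the lowest fixed release the advisory lists.
        return (True, "17.6.5")
    # Assumption: lines newer than 17.8 are outside the listed affected ranges.
    return (False, None)

# Constructed inventory: host names and versions are hypothetical.
INVENTORY = {
    "gitlab-prod": "17.6.6-ee",
    "gitlab-stage": "17.7.3-ee",
    "gitlab-lab": "16.11.10-ce.0",
    "gitlab-dev": "17.8.2",
}

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, (affected, target) in report(INVENTORY).items():
        status = f"AFFECTED, update to {target} or later" if affected else "not affected"
        print(f"{host}: {status}")
```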
References
[1] GitLab Patch Release: 17.8.2, 17.7.4, 17.6.5
https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/