GitLab Product Security Update Advisory

Mar 10 2025

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-0475, CVE-2025-0555

GitLab CE/EE Version: ~17.7.6 (excluded)
GitLab CE/EE version: ~17.8.4 (excluded)
GitLab CE/EE version: ~17.9.1 (excluded)

Resolved Vulnerabilities

Vulnerability in the proxy function allows unintended content rendering under certain conditions, which could result in XSS attacks (CVE-2025-0475)
Vulnerability that could allow security controls to be bypassed and arbitrary script execution in the user’s browser under certain conditions (CVE-2025-0555)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-0475, CVE-2025-0555

GitLab CE/EE version: 17.7.6
GitLab CE/EE version: 17.8.4
GitLab CE/EE version: 17.9.1

References

[1] GitLab Patch Release: 17.9.1, 17.8.4, 17.7.6
https://about.gitlab.com/releases/2025/02/26/patch-release-gitlab-17-9-1-released/

GitLab Product Security Update Advisory

Elastic Product Security Update Advisory (CVE-2025-25015)

Chrome Security Update Advisory (CVE-2025-1914)

Tags:

Elastic Product Security Update Advisory (CVE-2025-25015)

Chrome Security Update Advisory (CVE-2025-1914)