GitLab Product Security Update Advisory
Overview
GitLab has released security updates that fix vulnerabilities in GitLab CE/EE. Users of affected versions are advised to update to a patched version as soon as possible.
Affected Products
CVE-2025-0673
GitLab CE/EE versions 17.7 and later, before 17.10.8
GitLab CE/EE versions 17.11 and later, before 17.11.4
GitLab CE/EE versions 18.0 and later, before 18.0.2
CVE-2025-2254
GitLab CE/EE versions 17.9 and later, before 17.10.8
GitLab CE/EE versions 17.11 and later, before 17.11.4
GitLab CE/EE versions 18.0 and later, before 18.0.2
CVE-2025-4278
GitLab CE/EE versions 18.0 and later, before 18.0.2
CVE-2025-5121
GitLab Ultimate EE versions 17.11 and later, before 17.11.4
GitLab Ultimate EE versions 18.0 and later, before 18.0.2
CVE-2025-2443
GitLab EE versions 16.6 and later, before 17.9.7
GitLab EE versions 17.10 and later, before 17.10.5
GitLab EE versions 17.11 and later, before 17.11.1
Resolved Vulnerabilities
Denial of service via an infinite redirect loop in GitLab CE/EE (CVE-2025-0673)
Cross-site scripting via the snippet viewer in GitLab CE/EE (CVE-2025-2254)
HTML injection in GitLab CE/EE (CVE-2025-4278)
Missing permission validation in GitLab Ultimate EE allowing injection of malicious CI/CD jobs (CVE-2025-5121)
Cross-site scripting due to improper handling of Maven dependency proxy cache headers in GitLab EE (CVE-2025-2443)
Vulnerability Patches
Fixes are included in the patch releases listed below. Follow the instructions on the referenced GitLab release pages to update to at least the patched version for your release line; a fix for one CVE may land in a release that is itself still affected by another, so check the installed version against every range above after upgrading.
CVE-2025-0673, CVE-2025-2254, CVE-2025-4278, CVE-2025-5121
GitLab CE/EE version 17.10.8
GitLab CE/EE version 17.11.4
GitLab CE/EE version 18.0.2
CVE-2025-2443
GitLab EE version 17.9.7
GitLab EE version 17.10.5
GitLab EE version 17.11.1
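The ranges above are easy to misread by hand (an install on 16.11 is outside the 17.x ranges for the first four CVEs but inside the CVE-2025-2443 range, and the 17.9.7 that fixes it is itself inside the CVE-2025-0673 range). The following script is an added example, not GitLab's tooling and not part of this advisory: it transcribes the affected ranges and patch versions from the sections above and reports which CVEs apply to a given version string and the lowest release at which none of them still applies. It assumes version strings in the form GitLab prints (for example `17.11.3-ee`, with no suffix meaning CE) and, because the licence tier is not visible in a version string, reports the Ultimate-only CVE-2025-5121 for every EE install.

```python
"""Added example: check a GitLab version against the ranges in this advisory.

Not GitLab's own tooling. Ranges are transcribed from the advisory text;
the version-string format ('17.11.3-ee', no suffix = CE) is an assumption.
"""
import sys
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release line. A version v is affected
# when first <= v < fixed. Values copied from "Affected Products" and
# "Vulnerability Patches" above.
ADVISORY: Dict[str, List[Tuple[str, str]]] = {
    "CVE-2025-0673": [("17.7", "17.10.8"), ("17.11", "17.11.4"), ("18.0", "18.0.2")],
    "CVE-2025-2254": [("17.9", "17.10.8"), ("17.11", "17.11.4"), ("18.0", "18.0.2")],
    "CVE-2025-4278": [("18.0", "18.0.2")],
    "CVE-2025-5121": [("17.11", "17.11.4"), ("18.0", "18.0.2")],
    "CVE-2025-2443": [("16.6", "17.9.7"), ("17.10", "17.10.5"), ("17.11", "17.11.1")],
}

# Entries that do not apply to CE. CVE-2025-5121 is Ultimate-only, but the
# tier cannot be read from a version string, so it is reported for all EE.
EE_ONLY = {"CVE-2025-5121", "CVE-2025-2443"}


def parse_version(text: str) -> Tuple[Version, str]:
    """Parse '17.11.3-ee' into ((17, 11, 3), 'ee').

    Missing components default to 0, so '17.7' is the first 17.7 release.
    A missing suffix is treated as CE (assumption, see lead-in)."""
    core, _, suffix = text.strip().partition("-")
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    edition = suffix.lower() if suffix else "ce"
    return (parts[0], parts[1], parts[2]), edition


def affected_cves(version: str) -> Dict[str, str]:
    """Map each CVE whose range contains `version` to the first fixed release
    of that range. EE-only CVEs are skipped for CE installs."""
    v, edition = parse_version(version)
    hits: Dict[str, str] = {}
    for cve, ranges in ADVISORY.items():
        if edition == "ce" and cve in EE_ONLY:
            continue
        for first, fixed in ranges:
            if parse_version(first)[0] <= v < parse_version(fixed)[0]:
                hits[cve] = fixed
                break
    return hits


def minimum_patched_version(version: str) -> str:
    """Lowest release at which no listed CVE still applies, or '' if `version`
    is already outside every range.

    The first fix for one CVE can sit inside another CVE's range (17.9.7 closes
    CVE-2025-2443 but is inside the CVE-2025-0673 range), so the candidate is
    re-checked until nothing matches. Each step moves strictly upward, so the
    loop terminates."""
    _, edition = parse_version(version)
    current, target = version, ""
    while True:
        hits = affected_cves(current)
        if not hits:
            return target
        target = max(hits.values(), key=lambda s: parse_version(s)[0])
        current = f"{target}-{edition}"


if __name__ == "__main__":
    # Usage: python check_gitlab_version.py 17.11.3-ee
    installed = sys.argv[1] if len(sys.argv) > 1 else "17.11.3-ee"
    found = affected_cves(installed)
    if not found:
        print(f"{installed}: not in any affected range of this advisory")
    else:
        for cve, fixed in sorted(found.items()):
            print(f"{installed}: affected by {cve}, first fixed in {fixed}")
        print(f"upgrade to at least {minimum_patched_version(installed)}")
```

On an Omnibus install the running version is the first line of `/opt/gitlab/version-manifest.txt` (also shown by `sudo gitlab-rake gitlab:env:info`); pass that string to the script. The script only knows the ranges in this advisory, so a clean result means "not affected by these five CVEs", not "fully patched".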
References
[1] GitLab Patch Release: 18.0.2, 17.11.4, 17.10.8
https://about.gitlab.com/releases/2025/06/11/patch-release-gitlab-18-0-2-released/
[2] GitLab Patch Release: 17.11.1, 17.10.5, 17.9.7
https://about.gitlab.com/releases/2025/04/23/patch-release-gitlab-17-11-1-released/