GitLab Product Security Update Advisory

Overview

 

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-4439, CVE-2025-4700

 

GitLab CE/EE Versions: 15.10 and above but below 18.0.5
GitLab CE/EE Versions: 18.1 and above but below 18.1.3
GitLab CE/EE Version: 18.2 and above but below 18.2.1

 

CVE-2025-6948

 

GitLab CE/EE Version : 17.11 or later but not earlier than 17.11.6
GitLab CE/EE Version: 18.0 or later but not earlier than 18.0.4
GitLab CE/EE Version: 18.1 and above but below 18.1.2

 

 

Resolved Vulnerabilities

 

Cross-site scripting vulnerability in GitLab CE/EE due to the use of a content delivery network (CVE-2025-4439)
Cross-site scripting vulnerability due to unintended content rendering in GitLab CE/EE (CVE-2025-4700)
Cross-site scripting vulnerability due to malicious content injection in GitLab CE/EE (CVE-2025-6948)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-4439, CVE-2025-4700

 

GitLab CE/EE version: 18.0.5
GitLab CE/EE Version : 18.1.3
GitLab CE/EE Version : 18.2.1

 

CVE-2025-6948

 

GitLab CE/EE Version : 17.11.6
GitLab CE/EE Version : 18.0.4
GitLab CE/EE Version : 18.1.2

 

 

References

 

[1] GitLab Patch Release: 18.2.1, 18.1.3, 18.0.5
https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/
[2] GitLab Patch Release: 18.1.2, 18.0.4, 17.11.6
https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/