GitLab Product Security Update Advisory

Aug 20 2025

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-7734

GitLab CE/EE Versions: 14.2 and above but below 18.0.6
GitLab CE/EE Versions: 18.1 and above but below 18.1.4
GitLab CE/EE Version: 18.2 and above but below 18.2.2

CVE-2025-7739

GitLab CE/EE Version: 18.2 and above but below 18.2.2

CVE-2025-6186

GitLab CE/EE Version : 18.1 and above but below 18.1.4
GitLab CE/EE version: 18.2 and above but below 18.2.2

Resolved Vulnerabilities

Cross-site scripting (XSS) vulnerability in GitLab CE/EE blob viewer (CVE-2025-7734)
Saved Cross-Site Scripting (XSS) Vulnerability in GitLab CE/EE labels (CVE-2025-7739)
Cross-site scripting (XSS) vulnerability in GitLab CE/EE Workitem (CVE-2025-6186)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-7734, CVE-2025-7739, CVE-2025-6186

GitLab CE/EE version: 18.0.6
GitLab CE/EE Version : 18.1.4
GitLab CE/EE Version : 18.2.2

References

[1] GitLab Patch Release: 18.2.2, 18.1.4, 18.0.6
https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/

GitLab Product Security Update Advisory

Microsoft Edge browser (139.0.3405.102) version security update advisory

ManageEngine (AssetExplorer, ServiceDesk Plus, and others) Family August 2025 Security Update Advisory

Tags:

Microsoft Edge browser (139.0.3405.102) version security update advisory

ManageEngine (AssetExplorer, ServiceDesk Plus, and others) Family August 2025 Security Update Advisory