GitLab Product Security Update Advisory

Sep 17 2025

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-2256

GitLab CE/EE Versions: 7.12 and later but before 18.1.6
GitLab CE/EE Versions: 18.2 and above but below 18.2.6
GitLab CE/EE version: 18.3 or later but not earlier than 18.3.2

CVE-2025-6454

GitLab CE/EE Version: 16.11 or later but before 18.1.6
GitLab CE/EE version: 18.2 or later but not earlier than 18.2.6
GitLab CE/EE version: 18.3 or later but not earlier than 18.3.2

Resolved Vulnerabilities

Denial of Service Vulnerability in SAML Response Handling in GitLab CE/EE (CVE-2025-2256)
SSRF vulnerability in the handling of webhook custom headers in GitLab CE/EE (CVE-2025-6454)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-2256, CVE-2025-6454

GitLab CE/EE version: 18.1.6
GitLab CE/EE version: 18.2.6
GitLab CE/EE version: 18.3.2

References

[1] GitLab Patch Release: 18.3.2, 18.2.6, 18.1.6
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/

GitLab Product Security Update Advisory

ADOdb Security Update Advisory (CVE-2025-54119)

Linux Kernel Security Update Advisory (CVE-2025-21692)

Tags:

ADOdb Security Update Advisory (CVE-2025-54119)

Linux Kernel Security Update Advisory (CVE-2025-21692)