GitLab Product Security Update Advisory

Sep 30 2025

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-9642

GitLab CE/EE Versions: 14.10 and above but below 18.2.7
GitLab CE/EE Version: 18.3 or later but not earlier than 18.3.3
GitLab CE/EE version: 18.4 or later but not earlier than 18.4.1

CVE-2025-10858

GitLab CE/EE Versions: 18.2.7 and earlier
GitLab CE/EE Version: 18.3 or later but not earlier than 18.3.3
GitLab CE/EE version: 18.4 or later but not earlier than 18.4.1

CVE-2025-8014

GitLab CE/EE Version: 11.10 or later but not earlier than 18.2.7
GitLab CE/EE Version: 18.3 or later but not earlier than 18.3.3
GitLab CE/EE version: 18.4 or later but not earlier than 18.4.1

Resolved Vulnerabilities

Cross-site scripting vulnerability in Script Gadgets in GitLab CE/EE (CVE-2025-9642)
Denial of Service Vulnerability in JSON Upload Handling in GitLab CE/EE (CVE-2025-10858)
Denial of service vulnerability due to query complexity limit bypass in GitLab CE/EE (CVE-2025-8014)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-9642, CVE-2025-10858, CVE-2025-8014

GitLab CE/EE version: 18.2.7
GitLab CE/EE version: 18.3.3
GitLab CE/EE version: 18.4.1

References

[1] GitLab Patch Release: 18.4.1, 18.3.3, 18.2.7
https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/

GitLab Product Security Update Advisory

Formbricks Security Update Advisory (CVE-2025-59934)

IBM Product Security Update Advisory

Tags:

Formbricks Security Update Advisory (CVE-2025-59934)

IBM Product Security Update Advisory