GitLab Product Security Update Advisory

Oct 20 2025

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-11340

GitLab EE Version: 18.3 and above but below 18.3.4
GitLab EE version: 18.4 and above but below 18.4.2

CVE-2025-10004

GitLab CE/EE version: 13.12 or later and less than 18.2.8
GitLab CE/EE version: 18.3 or later but not earlier than 18.3.4
GitLab CE/EE version: 18.4 or later but not earlier than 18.4.2

Resolved Vulnerabilities

Authorization Validation Error Vulnerability in GraphQL Change Requests in GitLab EE (CVE-2025-11340)
Denial of Service Vulnerability in GraphQL blob types in GitLab CE/EE (CVE-2025-10004)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-11340, CVE-2025-10004

GitLab CE/EE version: 18.4.2
GitLab CE/EE version: 18.3.4
GitLab CE/EE version: 18.2.8

References

[1] GitLab Patch Release: 18.4.2, 18.3.4, 18.2.8
https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/

GitLab Product Security Update Advisory

IBM Product Security Update Advisory (CVE-2025-36128)

Spring Product Security Update Advisory (CVE-2025-41253)

Tags:

IBM Product Security Update Advisory (CVE-2025-36128)

Spring Product Security Update Advisory (CVE-2025-41253)