GitLab Product Security Update Advisory

Oct 27 2025

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-11702

GitLab EE Versions: 17.1 and above but below 18.3.5
GitLab EE version: 18.4 and above but below 18.4.3
GitLab EE version: 18.5 and above but below 18.5.1

CVE-2025-10497

GitLab CE/EE version: 17.10 or later but not earlier than 18.3.5
GitLab CE/EE version: 18.4 or later but not earlier than 18.4.3
GitLab CE/EE version: 18.5 or later but not earlier than 18.5.1

CVE-2025-11447

GitLab CE/EE Version: 11.0 or later but before 18.3.5
GitLab CE/EE Version: 18.4 or later but not earlier than 18.4.3
GitLab CE/EE version: 18.5 or later but not earlier than 18.5.1

Resolved Vulnerabilities

Improper access control vulnerability in GitLab EE (CVE-2025-11702)
Denial of Service Vulnerability in Event Collection in GitLab CE/EE (CVE-2025-10497)
Denial of Service Vulnerability in JSON Authentication in GitLab CE/EE (CVE-2025-11447)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-11702, CVE-2025-10497, CVE-2025-11447

GitLab EE version: 18.3.5
GitLab EE version: 18.4.3
GitLab EE version: 18.5.1

References

[1] GitLab Patch Release: 18.5.1, 18.4.3, 18.3.5
https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/#cve-2025-11447–…

GitLab Product Security Update Advisory

Google Chrome browser (141.0.7390.122/.123) security update advisory

Siemens Family Security Update Advisory

Tags:

Google Chrome browser (141.0.7390.122/.123) security update advisory

Siemens Family Security Update Advisory