GitLab Product Security Update Advisory

Overview

 

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-12716

 

GitLab CE/EE Versions: 18.4 and above but below 18.4.6
GitLab CE/EE Versions: 18.5 and above but below 18.5.4
GitLab CE/EE version: 18.6 or later but not earlier than 18.6.2

 

CVE-2025-8405

 

GitLab CE/EE Version: 17.1 or later but not earlier than 18.4.6
GitLab CE/EE version: 18.5 or later but not earlier than 18.5.4
GitLab CE/EE version: 18.6 or later but not earlier than 18.6.2

 

CVE-2025-12029

 

GitLab CE/EE version: 15.11 or later but not earlier than 18.4.6
GitLab CE/EE version: 18.5 or later but not earlier than 18.5.4
GitLab CE/EE version: 18.6 or later but not earlier than 18.6.2

 

CVE-2025-12562

 

GitLab CE/EE Version: 11.10 or later but not earlier than 18.4.6
GitLab CE/EE version: 18.5 or later but not earlier than 18.5.4
GitLab CE/EE version: 18.6 or later but not earlier than 18.6.2

 

 

Resolved Vulnerabilities

 

Cross-site scripting vulnerability in GitLab Wiki (CVE-2025-12716)
Improper Encoding Vulnerability in GitLab Vulnerability Reporting (CVE-2025-8405)
Cross-site scripting vulnerability in GitLab Swagger UI (CVE-2025-12029)
Denial of Service Vulnerability in GitLab GraphQL Endpoint (CVE-2025-12562)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-12716, CVE-2025-8405, CVE-2025-12029, CVE-2025-12562

 

GitLab CE/EE version: 18.4.6
GitLab CE/EE version: 18.5.4
GitLab CE/EE version: 18.6.2

 

 

References

 

[1] GitLab Patch Release: 18.6.2, 18.5.4, 18.4.6
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/