GitLab Product Security Update Advisory

Jan 13 2026

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-9222, CVE-2025-13761, CVE-2025-13772

GitLab CE/EE Versions: 18.2.2 and above but below 18.5.5
GitLab CE/EE version: 18.6 or higher but lower than 18.6.3
GitLab CE/EE version: 18.7 or later but not earlier than 18.7.1

Resolved Vulnerabilities

Stored cross-site scripting vulnerability in GitLab Flavored Markdown placeholder handling in GitLab CE/EE (CVE-2025-9222)
Cross-site scripting vulnerability in the web IDE in GitLab CE/EE (CVE-2025-13761)
Missing authentication vulnerability in the Duo Workflows API in GitLab EE (CVE-2025-13772)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-9222, CVE-2025-13761, CVE-2025-13772

GitLab CE/EE version: 18.5.5
GitLab CE/EE version: 18.6.3
GitLab CE/EE version: 18.7.1

References

[1] GitLab Patch Release: 18.7.1, 18.6.3, 18.5.5
https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/

GitLab Product Security Update Advisory

Microsoft Edge browser (143.0.3650.139) version security update advisory

Mozilla Product Security Update Advisory

Tags:

Microsoft Edge browser (143.0.3650.139) version security update advisory

Mozilla Product Security Update Advisory