GitLab Product Security Update Advisory (CVE-2025-11224)

Overview

 

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-11224

 

GitLab CE/EE versions: 15.10 and above but below 18.3.6
GitLab CE/EE versions: 18.4 and above but below 18.4.4
GitLab CE/EE versions: 18.5 and above but below 18.5.2

 

 

Resolved Vulnerabilities

 

Cross-site scripting vulnerability in the k8s proxy in GitLab CE/EE (CVE-2025-11224)

 

 

Vulnerability Patches

Patches for the vulnerability are available in the latest updates. Follow the instructions on the referenced site to update to the patched version for your release line.

 

CVE-2025-11224

 

GitLab CE/EE version: 18.3.6
GitLab CE/EE version: 18.4.4
GitLab CE/EE version: 18.5.2

 

 

References

 

[1] GitLab Patch Release: 18.5.2, 18.4.4, 18.3.6
https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/