Linux administrators are being urged to update promptly after disclosures of multiple vulnerabilities in GitLab, including flaws that could enable cross-site scripting, authorization bypass, and denial of service in self-managed instances.
The latest patch releases, GitLab 18.7.1, 18.6.3, and 18.5.5, address these security issues alongside several bug fixes and dependency updates, and are already deployed on GitLab.com.
GitLab security update overview
GitLab publishes security fixes as part of regular twice-monthly patch releases, as well as ad hoc patches for critical issues, and recommends that all customers stay on the latest patch for their supported branch.
The newly released versions remediate vulnerabilities affecting core features such as GitLab Flavored Markdown, the Web IDE, Duo Workflows, AI GraphQL endpoints, import functionality, and runner management.
| CVE ID | Description | CVSS v3.1 |
|---|---|---|
| CVE-2025-9222 | Stored XSS via crafted Markdown placeholders, allowing script execution in victim browsers. | 8.7 (High) |
| CVE-2025-13761 | XSS that lets an unauthenticated attacker execute code in an authenticated user’s browser via a crafted webpage. | 8.0 (High) |
| CVE-2025-13772 | Missing authorization lets users access AI model settings from unauthorized namespaces. | 7.1 (High) |
| CVE-2025-13781 | Missing authorization allows modification of instance-wide AI provider settings. | 6.5 (Medium) |
| CVE-2025-10569 | Authenticated users can trigger denial of service via crafted responses to external API calls. | 6.5 (Medium) |
| CVE-2025-11246 | Insufficient access control granularity lets users remove project runners from unrelated projects. | 5.4 (Medium) |
| CVE-2025-3950 | Information disclosure by leaking connection details via specially crafted images that bypass the asset proxy. | 3.5 (Low) |
These updates apply to all deployment types (Omnibus packages, source installations, Helm charts, and others) unless a product type is explicitly excluded, meaning most self-managed environments require action.
The most severe issues include stored and reflected cross-site scripting that could allow attackers to execute arbitrary JavaScript in the browsers of GitLab users.
Missing authorization checks in Duo Workflows and AI GraphQL mutations could let low-privileged users access or modify AI configuration outside their permitted namespaces.
Other flaws involve denial of service in import functionality, insufficient access control granularity for GraphQL runner updates, and information disclosure through Mermaid diagram rendering that may leak sensitive connection information.
Together, these issues threaten the integrity of project data, the confidentiality of configuration details, and the availability of GitLab services in affected versions.
GitLab strongly advises all administrators to upgrade to the latest patch in their series (18.7.1, 18.6.3, or 18.5.5) as soon as possible to mitigate these vulnerabilities.
Single-node instances should expect downtime during the upgrade due to database migrations, while multi-node environments can follow GitLab’s zero-downtime procedures to avoid service interruption.
Admins should also review GitLab’s documented best practices for securing instances, including keeping up with patch releases, hardening external access, and monitoring for unusual activity in the features exposed by the patched vulnerabilities.
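A quick way to act on the "latest patch in your series" advice across a fleet is to compare the running version against the three patched releases named above. The script below is an added example, not GitLab's own tooling; it assumes the version can be read from `/opt/gitlab/embedded/service/gitlab-rails/VERSION` on Omnibus installs (pass the version as an argument on other install types), and it only knows about the 18.5, 18.6 and 18.7 series covered by this advisory.

```shell
#!/bin/sh
# Added example (not from the GitLab advisory): report whether a self-managed
# GitLab version is below the patched release for its series.
# Patched releases from the advisory: 18.7.1, 18.6.3, 18.5.5.

# Print the patched release for a MAJOR.MINOR series; fail if not covered here.
patched_version_for_series() {
    case "$1" in
        18.7) echo "18.7.1" ;;
        18.6) echo "18.6.3" ;;
        18.5) echo "18.5.5" ;;
        *)    return 1 ;;
    esac
}

# gitlab_needs_patch VERSION
#   returns 0 and prints the target release when VERSION is below the patch
#   returns 1 when VERSION is already at or above the patched release
#   returns 2 when the series is not one of 18.5/18.6/18.7 (older series are
#   out of scope for this advisory and need a full upgrade to a supported one)
gitlab_needs_patch() {
    ver=${1%%-*}                 # strip edition suffix: 18.6.2-ee -> 18.6.2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # tolerate a bare MAJOR.MINOR string
    target=$(patched_version_for_series "$major.$minor") || return 2
    target_patch=${target##*.}
    if [ "$patch" -lt "$target_patch" ]; then
        echo "$target"
        return 0
    fi
    return 1
}

# Use the argument if given, else the Omnibus VERSION file (assumed path).
installed_gitlab_version() {
    if [ -n "$1" ]; then
        echo "$1"
    elif [ -r /opt/gitlab/embedded/service/gitlab-rails/VERSION ]; then
        cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
    fi
}

# Stand-alone use: ./gitlab-patch-check.sh [VERSION]
if v=$(installed_gitlab_version "${1:-}") && [ -n "$v" ]; then
    if target=$(gitlab_needs_patch "$v"); then
        echo "GitLab $v is vulnerable: upgrade to $target"
    else
        echo "GitLab $v is at or above the patched release for its series"
    fi
fi
```

A non-zero exit from `gitlab_needs_patch` with no output means the instance is already patched (1) or runs a series the advisory does not list (2).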