GitLab Publishes Security Update Addressing Several Vulnerabilities
GitLab has released critical security patches addressing six vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with two high-severity cross-site scripting (XSS) flaws requiring immediate attention from self-managed installations.
The security update, distributed through versions 18.2.1, 18.1.3, and 18.0.5, includes fixes for vulnerabilities that could potentially allow unauthorized access to sensitive information and enable malicious script execution in specific deployment scenarios.
Critical Security Vulnerabilities Identified
The most severe issues identified in this security release center around cross-site scripting vulnerabilities affecting GitLab’s Kubernetes proxy functionality.
CVE-2025-4700, with a CVSS score of 8.7, represents a high-severity XSS vulnerability that could allow authenticated attackers to trigger unintended content rendering under specific circumstances. This vulnerability affects all GitLab CE/EE versions from 15.10 prior to the patched releases.
| CVE ID | Severity | CVSS Score | Description | Affected Versions |
|---|---|---|---|---|
| CVE-2025-4700 | High | 8.7 | XSS in Kubernetes Proxy (CE/EE) | 15.10 – 18.2.0 |
| CVE-2025-4439 | High | 7.7 | XSS in Kubernetes Proxy with CDNs (CE/EE) | 15.10 – 18.2.0 |
| CVE-2025-7001 | Medium | 4.3 | Information exposure via API (CE/EE) | 15.0 – 18.2.0 |
| CVE-2025-4976 | Medium | 4.3 | Access control in GitLab Duo (EE only) | 17.0 – 18.2.0 |
| CVE-2025-0765 | Medium | 4.3 | Service desk email exposure (CE/EE) | 17.9 – 18.2.0 |
| CVE-2025-1299 | Medium | 4.3 | Deployment job log access (CE/EE) | 15.4 – 18.2.0 |
A related high-severity vulnerability, CVE-2025-4439 (CVSS 7.7), specifically impacts GitLab instances served through certain content delivery networks (CDNs), enabling authenticated users to perform cross-site scripting attacks when specific network configurations are in place.
Both vulnerabilities were discovered and reported through GitLab’s HackerOne bug bounty program by security researcher joaxcar.
The four remaining medium-severity fixes address information disclosure and access control weaknesses.
CVE-2025-7001 affects resource group information access through the API, potentially allowing privileged users to view data that should remain restricted.
The vulnerability impacts versions from 15.0 across both CE and EE distributions.
GitLab Enterprise Edition users face an additional concern with CVE-2025-4976, which could permit attackers to access internal notes within GitLab Duo responses under certain circumstances. This EE-specific vulnerability affects versions from 17.0 onward.
GitLab strongly recommends that all self-managed installations upgrade immediately to the latest patched versions.
GitLab.com has already implemented these fixes, while GitLab Dedicated customers require no action.
Organizations should prioritize updating systems exposed to external networks, particularly those utilizing Kubernetes proxy features or CDN configurations.
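As an added example (not GitLab's own tooling or anything from the advisory), the following Python helper maps a self-managed instance's version string and edition to the CVEs in the table above and to the patched release it should move to. The version strings are constructed, and pointing pre-18.0 series at 18.2.1 is an assumption, since the advisory lists patches only for the 18.x series.

```python
# Added example, not GitLab's own tooling: triage a self-managed GitLab
# version against the affected ranges and patched releases in this advisory.
from typing import List, Optional

# Patched releases named in the advisory, keyed by (major, minor) series.
PATCHED = {(18, 2): (18, 2, 1), (18, 1): (18, 1, 3), (18, 0): (18, 0, 5)}
LAST_AFFECTED = (18, 2, 0)  # every listed range ends at 18.2.0

# (CVE, first affected version, scope) taken from the table above.
ADVISORIES = [
    ("CVE-2025-4700", (15, 10, 0), "ce_ee"),
    ("CVE-2025-4439", (15, 10, 0), "ce_ee"),
    ("CVE-2025-7001", (15, 0, 0), "ce_ee"),
    ("CVE-2025-4976", (17, 0, 0), "ee"),
    ("CVE-2025-0765", (17, 9, 0), "ce_ee"),
    ("CVE-2025-1299", (15, 4, 0), "ce_ee"),
]

def parse_version(text: str) -> tuple:
    """Turn '18.1.2', 'v18.1.2' or '18.1.2-ee' into a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(version: tuple) -> bool:
    """True if the version is at or above its series' patched release, or newer than 18.2."""
    fixed = PATCHED.get(version[:2])
    return version >= fixed if fixed else version > LAST_AFFECTED

def affecting_cves(version_text: str, edition: str) -> List[str]:
    """CVE ids from this advisory that apply to the given version and edition ('ce' or 'ee')."""
    version = parse_version(version_text)
    if is_patched(version):
        return []
    return [cve for cve, first, scope in ADVISORIES
            if (scope == "ce_ee" or edition == "ee") and first <= version <= LAST_AFFECTED]

def recommended_upgrade(version_text: str, edition: str) -> Optional[str]:
    """Patched release in the same minor series; older series are pointed at the newest
    patch (assumption: the advisory lists no patch for pre-18.0). None if nothing applies."""
    if not affecting_cves(version_text, edition):
        return None
    target = PATCHED.get(parse_version(version_text)[:2], (18, 2, 1))
    return ".".join(map(str, target))

if __name__ == "__main__":
    # Constructed sample inputs, e.g. taken from `gitlab-rake gitlab:env:info` output.
    for ver, ed in [("18.1.2-ee", "ee"), ("17.8.0", "ce"), ("18.2.1", "ce")]:
        print(ver, ed, affecting_cves(ver, ed), recommended_upgrade(ver, ed))
```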
The company maintains its commitment to transparency by publishing detailed vulnerability information 30 days after the release through its public issue tracker.