
GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition.
The company released versions 18.5.2, 18.4.4, and 18.3.6 to fix critical security issues that could allow attackers to compromise sensitive information and bypass access controls.
The most concerning vulnerability involves prompt injection attacks in GitLab Duo’s review feature. Attackers can inject hidden malicious prompts directly into merge request comments.
These hidden instructions trick the AI system into leaking sensitive information from confidential issues. This vulnerability affects GitLab Enterprise Edition versions 17.9 and later, potentially exposing classified project data to unauthorized users.
Beyond prompt injection, GitLab patched nine additional vulnerabilities ranging from high to low severity.
| CVE ID | Vulnerability Title | Type | Severity | CVSS Score |
|---|---|---|---|---|
| CVE-2025-11224 | Cross-site scripting issue in k8s proxy | XSS | High | 7.7 |
| CVE-2025-11865 | Incorrect Authorization issue in workflows | Authorization Bypass | Medium | 6.5 |
| CVE-2025-2615 | Information Disclosure issue in GraphQL subscriptions | Information Disclosure | Medium | 4.3 |
| CVE-2025-7000 | Information Disclosure issue in access control | Information Disclosure | Medium | 4.3 |
| CVE-2025-6945 | Prompt Injection issue in GitLab Duo review | Prompt Injection | Low | 3.5 |
| CVE-2025-6171 | Information Disclosure issue in packages API endpoint | Information Disclosure | Low | 3.1 |
| CVE-2025-11990 | Client Side Path Traversal issue in branch names | Path Traversal | Low | 3.1 |
| CVE-2025-7736 | Improper Access Control issue in GitLab Pages | Access Control | Low | 3.1 |
| CVE-2025-12983 | Denial of service issue in markdown | Denial of Service | Low | 3.1 |
A cross-site scripting (XSS) vulnerability in the Kubernetes proxy allows authenticated users to execute malicious scripts, affecting versions 15.10 and later.
An authorization bypass in workflows lets users remove AI flows belonging to other users, compromising workflow integrity. Information disclosure vulnerabilities also pose serious risks.
Attackers can access sensitive data through multiple vectors: blocked users establishing GraphQL subscriptions, unauthorized viewing of branch names through access control weaknesses, and information leakage via the packages API endpoint, even when repository access is disabled.
Additional vulnerabilities include path-traversal issues affecting branch names, improper access control in GitLab Pages that allows OAuth authentication bypasses, and denial-of-service attacks via specially crafted Markdown content.
GitLab strongly recommends upgrading to the patched versions immediately. The company has already updated GitLab.com, and GitLab Dedicated customers require no action.
Self-managed installations must prioritize immediate upgrades, as these vulnerabilities directly affect customer data security. The patches include database migrations that may affect upgrade processes.
Single-node instances will experience downtime during updates, while multi-node installations can implement zero-downtime upgrades using proper procedures.
GitLab researchers discovered most vulnerabilities through the HackerOne bug bounty program. The company commits to releasing security details 30 days after each patch on its public issue tracker.
All affected organizations should review their current GitLab versions and deploy patches without delay to protect against these escalating security threats.
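To turn the "review your current GitLab versions" advice into a repeatable check, the following added example (not GitLab's own tooling) compares an instance's version string against the three patched releases named above and lists which of the tabulated CVEs the article's stated ranges cover. It assumes the version string looks like the one GitLab shows under `/help` or returns from `GET /api/v4/version` (e.g. `18.5.1-ee`); the sample inputs are constructed, and the article gives an explicit affected-version floor only for the XSS (15.10 and later) and the prompt injection (EE 17.9 and later), so the other seven CVEs are treated as applying to any unpatched version, which is an assumption.

```python
"""Check a GitLab version against the patched releases 18.5.2 / 18.4.4 / 18.3.6.

Added example for this advisory; not GitLab's own code. Feed it the version
string from /help or GET /api/v4/version (constructed samples are used below).
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Patched releases named in the advisory, keyed by release line (major, minor).
PATCHED: Dict[Tuple[int, int], Version] = {
    (18, 5): (18, 5, 2),
    (18, 4): (18, 4, 4),
    (18, 3): (18, 3, 6),
}

# CVE -> (affected-since floor, edition restriction). A floor of None means the
# article states no range, so the CVE is assumed to apply to every unpatched
# version (assumption). Edition None means both CE and EE.
ADVISORY: Dict[str, Tuple[Optional[Version], Optional[str]]] = {
    "CVE-2025-11224": ((15, 10, 0), None),  # XSS in k8s proxy, 15.10 and later
    "CVE-2025-11865": (None, None),         # authorization bypass in workflows
    "CVE-2025-2615": (None, None),          # info disclosure, GraphQL subscriptions
    "CVE-2025-7000": (None, None),          # info disclosure, access control
    "CVE-2025-6945": ((17, 9, 0), "ee"),    # prompt injection in Duo review, EE 17.9+
    "CVE-2025-6171": (None, None),          # info disclosure, packages API
    "CVE-2025-11990": (None, None),         # client-side path traversal, branch names
    "CVE-2025-7736": (None, None),          # improper access control, GitLab Pages
    "CVE-2025-12983": (None, None),         # DoS via markdown
}


def parse_version(raw: str) -> Tuple[Version, Optional[str]]:
    """Parse '18.5.1', 'v18.5.1-ee' or '18.4.3-ce' into ((18, 5, 1), 'ee'|'ce'|None)."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(ce|ee))?", raw.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {raw!r}")
    major, minor, patch, edition = m.groups()
    return (int(major), int(minor), int(patch)), edition


def is_patched(raw: str) -> bool:
    """True if the version is at or above the patched release for its line."""
    v, _ = parse_version(raw)
    fixed = PATCHED.get(v[:2])
    if fixed is not None:
        return v >= fixed
    # Lines older than 18.3 received no patched release. Lines newer than 18.5
    # are assumed to have shipped after the fix (assumption, not in the article).
    return v[:2] > (18, 5)


def upgrade_target(raw: str) -> Optional[str]:
    """Patched release on the same line, or None if already patched / no patch on this line."""
    v, _ = parse_version(raw)
    if is_patched(raw):
        return None
    fixed = PATCHED.get(v[:2])
    return "%d.%d.%d" % fixed if fixed else None


def applicable_cves(raw: str, default_edition: str = "ee") -> List[str]:
    """CVEs from the advisory whose stated (or assumed) range covers this version."""
    v, edition = parse_version(raw)
    edition = edition or default_edition
    if is_patched(raw):
        return []
    hits = []
    for cve, (floor, only_edition) in ADVISORY.items():
        if floor is not None and v < floor:
            continue
        if only_edition is not None and only_edition != edition:
            continue
        hits.append(cve)
    return hits


if __name__ == "__main__":
    # Constructed sample inputs, not real instances.
    for sample in ("18.5.1-ee", "18.4.4-ee", "17.8.0-ce", "18.3.5"):
        target = upgrade_target(sample)
        print(sample, "patched" if is_patched(sample) else f"upgrade to {target or 'a supported line'}",
              applicable_cves(sample))
```

For an older line such as 17.x, `upgrade_target` returns `None` because the advisory names no patched release there; the instance needs a move to one of the three supported lines rather than a point release.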
