GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure.
The company released versions 18.3.2, 18.2.6, and 18.1.6 for both Community Edition and Enterprise Edition, with immediate upgrades strongly recommended for all self-managed installations.
Critical Security Fixes Target Multiple Attack Vectors
The most severe vulnerability, CVE-2025-6454, carries a CVSS score of 8.5 and enables authenticated users to perform server-side request forgery attacks through webhook custom headers.
This high-severity flaw affects all GitLab versions from 16.11 onwards and allows attackers to make unintended internal requests through proxy environments by injecting crafted sequences.
Another high-severity issue, CVE-2025-2256, creates denial-of-service conditions through SAML response manipulation.
| CVE Number | Vulnerability Type | Severity | CVSS Score |
|---|---|---|---|
| CVE-2025-2256 | DoS in SAML Responses | High | 7.5 |
| CVE-2025-6454 | SSRF in Webhook Headers | High | 8.5 |
| CVE-2025-1250 | DoS in User-Controllable Fields | Medium | 6.5 |
| CVE-2025-7337 | DoS in File Upload Endpoint | Medium | 6.5 |
| CVE-2025-10094 | DoS in Token Operations | Medium | 6.5 |
| CVE-2025-6769 | Information Disclosure | Medium | 4.3 |
With a CVSS score of 7.5, CVE-2025-2256 affects an extensive range of versions dating back to GitLab 7.12, allowing unauthorized users to render GitLab instances unresponsive by sending multiple concurrent large SAML responses.
The security release addresses multiple denial-of-service attack vectors beyond SAML responses.
CVE-2025-1250 enables authenticated users to stall background job processing through specially crafted commit messages, merge request descriptions, or notes, affecting versions from 15.0 onwards with a CVSS score of 6.5.
File upload mechanisms also received attention, with CVE-2025-7337 addressing how authenticated users with Developer-level access could cause persistent denial-of-service conditions by uploading large files.
This vulnerability affects versions from GitLab 7.8 onwards and carries a CVSS score of 6.5.
Token-related operations present another attack surface, as CVE-2025-10094 demonstrates how authenticated users can disrupt token listings and administrative operations by creating tokens with excessively large names. This medium-severity vulnerability affects versions from 10.7 onwards.
The security release also addresses CVE-2025-6769, an information disclosure vulnerability with a CVSS score of 4.3.
This issue allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces, affecting versions from 15.1 onwards.
All vulnerabilities were discovered through GitLab’s HackerOne bug bounty program, with researchers yuki_osaki, ppee, pwnie, and iamgk808 credited for their responsible disclosure.
GitLab.com already runs the patched versions, while GitLab Dedicated customers require no action as updates are managed automatically.
The company emphasizes that security issues become public on their issue tracker 30 days after patch release, reinforcing the importance of immediate upgrades for self-managed installations.
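Because the affected-from versions differ per CVE while the fixed releases are per stable branch, an administrator triaging several self-managed instances needs to map each instance's version string to the CVEs that still apply. The following checker is an added example written for this article, not GitLab's own tooling; it encodes only the fixed releases (18.3.2, 18.2.6, 18.1.6) and affected-from versions stated above, and assumes that any branch newer than 18.3 already carries the fixes.

```python
"""Map a self-managed GitLab version to the CVEs in this advisory that
still apply. Fixed releases and affected-from versions are taken from
the advisory text; everything else here is an assumption of this example."""

Version = tuple[int, int, int]

# Fixed release per stable branch, as published in the advisory.
FIXED: dict[tuple[int, int], Version] = {
    (18, 3): (18, 3, 2),
    (18, 2): (18, 2, 6),
    (18, 1): (18, 1, 6),
}

# (CVE id, short description, earliest affected version) from the advisory.
CVES: list[tuple[str, str, Version]] = [
    ("CVE-2025-6454", "SSRF via webhook custom headers", (16, 11, 0)),
    ("CVE-2025-2256", "DoS via large SAML responses", (7, 12, 0)),
    ("CVE-2025-1250", "DoS via user-controllable fields", (15, 0, 0)),
    ("CVE-2025-7337", "DoS via file upload endpoint", (7, 8, 0)),
    ("CVE-2025-10094", "DoS via oversized token names", (10, 7, 0)),
    ("CVE-2025-6769", "Runner maintenance note disclosure", (15, 1, 0)),
]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH'; an edition suffix such as '-ee' is dropped."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_patched(v: Version) -> bool:
    """True if v is at or above the fixed release for its stable branch.
    Branches older than 18.1 have no fixed release in this advisory;
    branches newer than 18.3 are assumed (assumption) to include the fixes."""
    branch = (v[0], v[1])
    if branch in FIXED:
        return v >= FIXED[branch]
    return branch > (18, 3)


def applicable_cves(version_text: str) -> list[str]:
    """Return the advisory's CVE ids that still apply to the given version."""
    v = parse_version(version_text)
    if is_patched(v):
        return []
    # Tuple comparison gives correct ordering for e.g. 16.10 < 16.11.
    return [cve for cve, _desc, since in CVES if v >= since]
```

Feed it the version string from the instance (for example the value shown by `gitlab-rake gitlab:env:info`); an empty list means the instance is at or beyond its branch's fixed release.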