GitLab Patches High-Severity XSS Flaw (CVE-2025-0376) and Other Security Flaws in Latest Release

Summary: GitLab has issued a security advisory urging users to update their installations to address nine identified vulnerabilities, most notably a high-severity cross-site scripting (XSS) flaw (CVE-2025-0376). The fixes ship in versions 17.8.2, 17.7.4, and 17.6.5 for both Community and Enterprise Editions; earlier releases in those lines remain affected. Users are strongly recommended to upgrade immediately to mitigate these security risks.

Affected: GitLab Community Edition (CE) and Enterprise Edition (EE)

Key points:

  • High-severity XSS vulnerability (CVE-2025-0376, CVSS score 8.7) allowing an attacker to inject script through the change page under specific conditions and perform unauthorized actions in the victim's browser session.
  • Other, medium-severity vulnerabilities include a denial-of-service condition, exfiltration of private issue content, and unauthorized repository access.
  • GitLab strongly advises users to upgrade to versions 17.8.2, 17.7.4, or 17.6.5 immediately to secure their installations.
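
The practical question for an operator is whether a given instance predates the fix for its minor line. The following is an added example, not code from GitLab or from the article: it encodes the three patched versions the advisory names and decides whether an installed version string (in the form the real `GET /api/v4/version` endpoint returns, e.g. `17.7.3-ee`) still needs the upgrade. The rule that minor lines older than 17.6 are always flagged is an assumption based on GitLab backporting security fixes only to the three most recent minor releases; the sample API payloads are constructed.

```python
"""Decide whether a GitLab version is covered by the 17.8.2 / 17.7.4 / 17.6.5 patch release.

Added example, not GitLab's own code. FIXED holds the versions the advisory
names; treating every older minor line (17.5 and below) as unpatched is an
assumption based on GitLab backporting only to the three newest minor lines.
"""
import re

# Patched versions from the advisory, keyed by (major, minor) line.
FIXED = {
    (17, 8): (17, 8, 2),
    (17, 7): (17, 7, 4),
    (17, 6): (17, 6, 5),
}

# Leading "major.minor.patch"; edition suffixes such as "-ee" are ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Turn '17.7.3-ee' or '17.8.2' into (17, 7, 3)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(x) for x in m.groups())


def needs_upgrade(text: str) -> bool:
    """True if the version predates the fix for its minor line.

    A line newer than 17.8 already carries the fix; a line older than 17.6
    never received this patch release and is always flagged (assumption).
    """
    major, minor, patch = parse_version(text)
    line = (major, minor)
    if line in FIXED:
        return (major, minor, patch) < FIXED[line]
    return line < max(FIXED)


def recommended_target(text: str) -> str:
    """Fixed version on the same minor line, or the newest fixed line otherwise."""
    major, minor, _ = parse_version(text)
    fixed = FIXED.get((major, minor), FIXED[max(FIXED)])
    return ".".join(str(n) for n in fixed)


def check_api_response(payload: dict) -> dict:
    """Evaluate a decoded /api/v4/version response ({'version': ..., 'revision': ...})."""
    version = payload["version"]
    return {
        "version": version,
        "needs_upgrade": needs_upgrade(version),
        "target": recommended_target(version),
    }


if __name__ == "__main__":
    # Constructed sample payloads in the shape the version endpoint returns.
    samples = [
        {"version": "17.7.3-ee", "revision": "0000000"},
        {"version": "17.8.2-ee", "revision": "0000000"},
        {"version": "17.5.9", "revision": "0000000"},
    ]
    for s in samples:
        r = check_api_response(s)
        state = f"upgrade to {r['target']}" if r["needs_upgrade"] else "patched"
        print(f"{r['version']:<12} {state}")
```

In production the payload would come from `GET /api/v4/version` with a `PRIVATE-TOKEN` header; the comparison logic is the same, and a version on an unsupported line is reported as needing the newest patched release rather than silently passing.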

Source: https://securityonline.info/gitlab-patches-high-severity-xss-flaw-cve-2025-0376-and-other-security-flaws-in-latest-release/