GitLab has issued security updates to fix multiple vulnerabilities in its DevSecOps platform, including critical flaws that could allow account takeover and malicious job injections. All self-managed GitLab installations are urged to upgrade immediately to mitigate these security risks. #CVE-2025-4278 #CVE-2025-5121 #GitLabsecurity
Key points
- GitLab released security patches for versions 18.0.2, 17.11.4, and 17.10.8 to fix vulnerabilities.
- The flaws include an HTML injection (CVE-2025-4278) that can lead to account takeover.
- A missing authorization issue (CVE-2025-5121) affects GitLab Ultimate EE and enables malicious CI/CD job injections.
- Other patched vulnerabilities include cross-site scripting (CVE-2025-2254) and a DoS flaw (CVE-2025-0673).
- GitLab's platform, used by many Fortune 100 companies, remains a high-value target for cyberattacks on repositories.
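A quick way for an administrator to act on the advice above is to compare the installed version against the patched releases the article names. The following is an added example, not code from the article or from GitLab: the three fixed versions (18.0.2, 17.11.4, 17.10.8) come from the article, while the rules that a lower patch level on the same branch is unpatched, that branches older than 17.10 have no fixed release and should move to 17.10.8 or later, and that branches newer than 18.0 need to be confirmed against GitLab's own release notes are assumptions of this example. The sample `/api/v4/version` response is constructed.

```python
"""Check whether a self-managed GitLab version carries the fixes for
CVE-2025-4278 / CVE-2025-5121 (added example, not from the article)."""
import json
import re

# Patched releases named in the advisory, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (18, 0): (18, 0, 2),
    (17, 11): (17, 11, 4),
    (17, 10): (17, 10, 8),
}

# GitLab version strings look like "17.11.3-ee" or "18.0.1"; only the
# numeric triple matters for the comparison.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Parse a GitLab version string into a (major, minor, patch) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text: str) -> dict:
    """Return a verdict for an installed version.

    status is one of:
      'patched'       at or above the fixed release for its branch
      'vulnerable'    same branch as a fixed release but below it
      'unsupported'   branch older than any fixed release (assumption:
                      no fix exists there; upgrade to 17.10.8 or later)
      'later-branch'  newer than any branch named in the advisory
                      (assumption: confirm against GitLab release notes)
    """
    v = parse_version(version_text)
    branch = (v[0], v[1])
    if branch in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[branch]
        status = "patched" if v >= fixed else "vulnerable"
        target = fixed
    elif branch > max(FIXED_VERSIONS):
        status, target = "later-branch", None
    else:
        # Oldest patched line is the nearest safe landing point.
        status, target = "unsupported", min(FIXED_VERSIONS.values())
    return {"installed": v, "status": status, "upgrade_to": target}


def assess_api_response(body: str) -> dict:
    """Assess the JSON body returned by GitLab's GET /api/v4/version.

    The endpoint exists in GitLab and returns a "version" field; the body
    below is a constructed sample, not a capture from a real instance.
    """
    return assess(json.loads(body)["version"])


# Constructed sample response, shaped like GET /api/v4/version output.
SAMPLE_RESPONSE = '{"version": "17.11.3-ee", "revision": "placeholder"}'

if __name__ == "__main__":
    for candidate in ("17.11.3-ee", "17.11.4-ee", "18.0.2", "17.9.9"):
        print(candidate, assess(candidate))
    print("api:", assess_api_response(SAMPLE_RESPONSE))
```

Run it against the output of the version endpoint (or the version shown in the admin area) and treat anything other than `patched` as a reason to schedule the upgrade; the `later-branch` verdict is deliberately not reported as safe, since this script only knows the three releases the advisory lists.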