GitLab has issued critical security updates to fix six vulnerabilities that could lead to denial-of-service, server-side request forgery, and information disclosure. Immediate upgrades are recommended for self-managed installations to prevent potential exploits. #GitLabSecurity #ServerSideRequestForgery
Key points
- GitLab released security updates across multiple supported versions to fix six vulnerabilities.
- The most severe, CVE-2025-6454, lets an authenticated user perform server-side request forgery through webhook headers, i.e. make the GitLab server issue requests on the user's behalf.
- The other fixes address denial-of-service conditions reachable through crafted SAML responses, file uploads, and token operations, plus an information-disclosure issue.
- All issues were reported through GitLab's HackerOne bug bounty program by several researchers.
- Self-managed installations should upgrade immediately; GitLab Dedicated customers receive the update automatically.
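As an added, generic illustration of the SSRF class named in the second point (this is not GitLab's code, and it does not describe how CVE-2025-6454 is triggered, which the page does not give): a Python guard for an outbound-webhook sender that rejects targets resolving to loopback, private, link-local or cloud-metadata addresses, and rejects custom header names or values carrying control characters. The function names, the hostnames `hooks.example.com` and `internal.corp`, the resolver table and the header values are constructed for this example; the resolver is injectable so the check runs offline.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Constructed denylist of destinations an outbound webhook must never reach.
# Extend it with your own internal ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",        # link-local; cloud metadata lives at 169.254.169.254
    "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# RFC 7230 token: the only characters allowed in a header field name.
_HEADER_NAME = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def is_blocked_address(addr: str) -> bool:
    """True if addr falls in a range webhooks may not contact."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:10.0.0.1 is IPv4 10.0.0.1 in disguise; judge the inner address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_webhook_target(url: str, resolve=socket.getaddrinfo):
    """Return (ok, reason). `resolve` is injectable (hypothetical hook) so tests run offline."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    try:
        # IP literal: judge it directly; otherwise resolve every A/AAAA record.
        ipaddress.ip_address(host)
        addrs = {host}
    except ValueError:
        try:
            addrs = {info[4][0] for info in resolve(host, None)}
        except OSError as exc:
            return False, f"could not resolve {host}: {exc}"
    for addr in sorted(addrs):
        if is_blocked_address(addr):
            return False, f"{host} resolves to blocked address {addr}"
    return True, f"{host} -> {', '.join(sorted(addrs))}"


def validate_custom_headers(headers: dict) -> list:
    """Return a list of problems; an empty list means the headers are safe to send."""
    problems = []
    for name, value in headers.items():
        if not _HEADER_NAME.match(name):
            problems.append(f"invalid header name {name!r}")
        if any(ch in value for ch in "\r\n\0"):
            problems.append(f"control character in value of {name!r}")
    return problems


if __name__ == "__main__":
    # Constructed resolver table standing in for DNS.
    table = {
        "hooks.example.com": [(0, 0, 0, "", ("203.0.113.10", 0))],
        "internal.corp": [(0, 0, 0, "", ("10.0.0.5", 0))],
    }
    fake_resolve = lambda host, port: table[host]
    for target in ("https://hooks.example.com/notify",
                   "https://internal.corp/admin",
                   "http://169.254.169.254/latest/meta-data/",
                   "http://[::ffff:10.1.2.3]/"):
        print(target, check_webhook_target(target, resolve=fake_resolve))
    print(validate_custom_headers({"X-Signature": "abc",
                                   "X-Evil": "ok\r\nInjected: yes"}))
```

Two caveats for anyone adapting this. A check done once when the webhook is saved does not survive DNS rebinding: the name can resolve to a public address at save time and to an internal one at delivery time, so the filter has to run at connect time and the connection must be pinned to the address that passed. And in GitLab itself the built-in control for this class is the Admin Area outbound-requests setting that decides whether webhooks and integrations may reach the local network (off by default on self-managed instances); that is a known GitLab setting, not something the page states, and it is no substitute for applying the update.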
Read More: https://gbhackers.com/multiple-vulnerabilities-in-gitlab-patched/