[CIVN-2025-0224] Multiple Vulnerabilities in GitLab
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in GitLab
Indian Computer Emergency Response Team (CERT-In) (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
GitLab CE/EE versions prior to 18.3.2, 18.2.6 and 18.1.6
Overview
Multiple vulnerabilities have been reported in GitLab which could allow an attacker to gain access to sensitive information, perform server-side request forgery (SSRF) and cause denial of service (DoS) on the targeted system.
Target Audience:
All organizations and individuals using GitLab.
Risk Assessment:
High risk of unauthorized access to data and system instability.
Impact Assessment:
Potential for data theft, sensitive information disclosure and system crash.
Description
GitLab is a web-based DevOps platform that provides tools for software development, including source code management, continuous integration and continuous deployment. It is available in both an open-source Community Edition (CE) and an Enterprise Edition (EE).
Multiple vulnerabilities exist in GitLab which could be exploited by an attacker by sending specially crafted requests to the targeted system.
Successful exploitation of these vulnerabilities could allow an attacker to gain access to sensitive information, perform server-side request forgery (SSRF) and cause denial of service (DoS) on the targeted system.
Solution
Apply the appropriate update as described in the GitLab security release:
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
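The following script is an added example for checking whether an instance falls inside the affected range listed above; it is not part of the CERT-In advisory and is not GitLab tooling. Feed it the version string GitLab reports, for example the `version` field of `GET /api/v4/version` (the raw JSON body is accepted as well) or the `Version:` line under "GitLab information" in `gitlab-rake gitlab:env:info`. It assumes GitLab's usual patch-release convention, in which each of the three fixed versions closes the issues on its own release branch (18.3.x, 18.2.x, 18.1.x) and any older branch remains unfixed; that reading of "prior to 18.3.2, 18.2.6 and 18.1.6" is the script's assumption, not a statement by CERT-In. The sample version strings embedded at the bottom are constructed for illustration.

```python
"""Check a GitLab version string against the fixed versions in CIVN-2025-0224.

Added example: not CERT-In's or GitLab's code. The per-branch reading of
"prior to 18.3.2, 18.2.6 and 18.1.6" is an assumption based on GitLab's
normal patch-release practice (one fix per supported release branch).
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions named in the advisory, one per supported release branch.
FIXED_VERSIONS: Tuple[Version, ...] = ((18, 3, 2), (18, 2, 6), (18, 1, 6))

# GitLab reports versions as "18.3.1-ee", "18.2.5-ce" or plain "18.1.5".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from a GitLab version string.

    Accepts a bare version ("18.3.1-ee") or the JSON body returned by
    GET /api/v4/version ({"version": "18.3.1-ee", "revision": "..."}).
    Returns None if no version is present.
    """
    text = text.strip()
    if text.startswith("{"):
        try:
            text = str(json.loads(text).get("version", ""))
        except (ValueError, AttributeError):
            return None
    m = _VERSION_RE.match(text)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def fix_for(version: Version) -> Optional[Version]:
    """Fixed version on the same release branch, or None if that branch
    received no fix in this release."""
    for fixed in FIXED_VERSIONS:
        if fixed[:2] == version[:2]:
            return fixed
    return None


def is_affected(version: Version) -> bool:
    """True if the version is below the fix for its branch, or sits on a
    branch older than the oldest fixed branch (assumed unfixed). Branches
    newer than every fixed one (e.g. 18.4.x) are treated as carrying the fix."""
    fixed = fix_for(version)
    if fixed is not None:
        return version < fixed
    oldest_fixed_branch = min(f[:2] for f in FIXED_VERSIONS)
    return version[:2] < oldest_fixed_branch


def assess(text: str) -> str:
    """One-line verdict for a version string or /api/v4/version body."""
    version = parse_version(text)
    if version is None:
        return "unknown: could not parse a GitLab version from the input"
    label = ".".join(map(str, version))
    if not is_affected(version):
        return f"not affected: {label}"
    fixed = fix_for(version)
    if fixed is not None:
        return (f"AFFECTED: {label} is below {'.'.join(map(str, fixed))}; "
                f"apply the patch release")
    oldest = ".".join(map(str, min(FIXED_VERSIONS)))
    return (f"AFFECTED: {label} is on a branch with no fix in this release; "
            f"upgrade to {oldest} or later, following the GitLab upgrade path")


if __name__ == "__main__":
    # Constructed sample inputs for illustration (not real instance data).
    samples = [
        "18.3.1-ee",
        '{"version": "18.2.6-ce", "revision": "deadbeef"}',
        "18.1.5",
        "17.11.4-ee",
        "18.4.0-pre",
        "n/a",
    ]
    for s in samples:
        print(f"{s!r:55} -> {assess(s)}")
```

On a live instance, `curl -H "PRIVATE-TOKEN: <token>" https://gitlab.example.com/api/v4/version` (hostname is a placeholder) returns the JSON body the script accepts; the endpoint requires an authenticated user, so an unauthenticated probe will not reveal the version. Instances several minor releases behind cannot always jump straight to the fixed version, which is why the script points older branches at the GitLab upgrade path rather than a single target.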
Vendor Information
GitLab
https://about.gitlab.com/releases/
References
GitLab
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
CVE Name
CVE-2025-10094
CVE-2025-1250
CVE-2025-2256
CVE-2025-6454
CVE-2025-6769
CVE-2025-7337
-- 
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----