
[CIVN-2025-0338] Multiple Vulnerabilities in Gitlab
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Gitlab
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: Medium
Systems Affected
• GitLab versions prior to 18.5.2, 18.4.4 and 18.3.6 for GitLab Community Edition (CE) and Enterprise Edition (EE)
Overview
Multiple vulnerabilities have been reported in GitLab that could be exploited by an attacker to bypass security restrictions, cause denial of service conditions or conduct session hijacking on the targeted system.
Target Audience
All organizations and individuals using GitLab
Risk Assessment
Risk of cross-site scripting attacks, unauthorized access to data and system instability
Impact Assessment
Potential exposure to data theft, sensitive information disclosure and system crash
Description
GitLab is a web-based DevOps platform that provides tools for software development, including source code management, continuous integration and continuous deployment. It is available in both open-source Community Edition (CE) and Enterprise Edition (EE) versions.
Multiple vulnerabilities exist in GitLab due to improper input validation, incorrect authorization checks, and improper filtering/access control. An attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system.
Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions, cause denial of service conditions or conduct session hijacking on the target system.
Solution
Apply the appropriate updates as described in the vendor's patch release notes:
https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
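To decide which instances still need the update, the following added example (not part of the CERT-In advisory and not GitLab's own tooling) checks a reported version string against the fixed releases listed under Systems Affected, branch by branch. It assumes the version text was collected from each instance beforehand (for example from GitLab's GET /api/v4/version endpoint) and that branches newer than 18.5 already carry the fixes; the inventory below is constructed sample data.

```python
import re

# Fixed releases named in the advisory, as (major, minor, patch); every
# release below these on the same branch is affected.
FIXED_RELEASES = ((18, 5, 2), (18, 4, 4), (18, 3, 6))

# Constructed sample inventory: host -> raw version text as returned by the
# GitLab instance (the "-ee" suffix is how Enterprise Edition reports itself).
SAMPLE_INVENTORY = {
    "git.example.test": '{"version":"18.5.1-ee","revision":"abc123"}',
    "ci.example.test": "18.4.4",
    "legacy.example.test": "17.11.5-ee",
    "new.example.test": "18.6.0",
}


def parse_version(text):
    """Pull (major, minor, patch) out of a bare or JSON-wrapped version string."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no GitLab version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True when the version is older than the fix on its own branch.

    Branches that received a fix are compared patch-by-patch; anything older
    than the oldest fixed branch (18.3) is affected; newer branches are
    assumed (an assumption, not stated by the advisory) to include the fixes.
    """
    major, minor, patch = version
    for fixed_major, fixed_minor, fixed_patch in FIXED_RELEASES:
        if (major, minor) == (fixed_major, fixed_minor):
            return patch < fixed_patch
    oldest_major, oldest_minor, _ = min(FIXED_RELEASES)
    return (major, minor) < (oldest_major, oldest_minor)


def hosts_needing_update(inventory):
    """Return the sorted hosts whose reported version is affected."""
    return sorted(
        host for host, raw in inventory.items()
        if is_affected(parse_version(raw))
    )


if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```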
Vendor Information
GitLab
https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
References
https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
CVE Name
CVE-2025-2615
CVE-2025-6171
CVE-2025-6945
CVE-2025-7000
CVE-2025-7736
CVE-2025-11224
CVE-2025-11865
CVE-2025-11990
CVE-2025-12983
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003