[CIVN-2025-0201] Multiple Vulnerabilities in GitLab Products
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in GitLab Products
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
GitLab versions prior to 18.3.1, 18.2.5 and 18.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE)
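The affected-version statement above is easy to misread when an instance sits on an older branch. The following check is an added example, not CERT-In or GitLab code: it parses a GitLab version string and decides whether it is below the fixed release for its branch. It assumes GitLab's MAJOR.MINOR.PATCH numbering with an optional -ee/-ce suffix, reads "prior to 18.3.1, 18.2.5 and 18.1.5" as one fixed release per supported branch, and treats any release on a branch older than 18.1 as affected because the advisory lists no fix for it; the inventory at the bottom is constructed sample data.

```python
"""Check GitLab version strings against the fixed releases in this advisory.

Added example (not CERT-In or GitLab code). Assumptions: GitLab's usual
MAJOR.MINOR.PATCH numbering with an optional "-ee"/"-ce" suffix; one fixed
release per supported branch as listed in the advisory; branches older than
18.1 have no fix listed and are therefore reported as affected.
"""
import re

# Fixed versions named in the advisory, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (18, 3): (18, 3, 1),
    (18, 2): (18, 2, 5),
    (18, 1): (18, 1, 5),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(?:ee|ce))?$")


def parse_version(text):
    """Return (major, minor, patch) for strings like '18.2.4-ee'; raise on junk."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(text):
    """True if the version is below the fixed release for its branch.

    Branches newer than 18.3 were released after the fix and are not affected;
    branches older than 18.1 have no fixed release listed and are affected.
    """
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return version < FIXED_VERSIONS[branch]
    newest_fixed_branch = max(FIXED_VERSIONS)
    return branch < newest_fixed_branch


def report(inventory):
    """Map each host name to 'AFFECTED', 'OK' or 'UNKNOWN' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "AFFECTED" if is_affected(version) else "OK"
        except ValueError:
            result[host] = "UNKNOWN"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {
        "git01.example": "18.2.4-ee",
        "git02.example": "18.3.1",
        "git03.example": "18.0.9",
        "git04.example": "not-a-version",
    }
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```

Feed it the output of `gitlab-rake gitlab:env:info` or the version shown on the instance's help page; any host reported as AFFECTED should be moved to the fixed release for its branch per the GitLab security release linked under Solution.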
Overview
Multiple vulnerabilities have been reported in GitLab products, which could allow a remote attacker to cause denial of service (DoS) conditions, perform code injection and access sensitive information on the targeted system.
Target Audience:
All end-user organizations and individuals using affected GitLab products.
Risk Assessment:
High risk of unauthorized access to sensitive data and denial of service (DoS) conditions.
Impact Assessment:
Potential for denial-of-service (DoS) conditions and unauthorized access to sensitive information.
Description
GitLab is a web-based DevOps platform that provides tools for software development, including source code management, continuous integration and continuous deployment. It is available in both open-source Community Edition (CE) and Enterprise Edition (EE) versions.
These vulnerabilities exist in various components of GitLab Community Edition (CE) and Enterprise Edition (EE) due to improper authentication, unrestricted resource allocation and code injection issues. An attacker could exploit these vulnerabilities by sending specially crafted requests.
Successful exploitation of these vulnerabilities could allow an attacker to cause denial of service (DoS) conditions, perform code injection and access sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned in GitLab Security Release
https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/
Vendor Information
GitLab
https://about.gitlab.com/releases/categories/releases/
References
GitLab
https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/
CVE Name
CVE-2025-2246
CVE-2025-3601
CVE-2025-4225
CVE-2025-5101
-- 
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
=RpVq
-----END PGP SIGNATURE-----