—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in GitLab Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Software Affected

GitLab versions prior to 18.3.1, 18.2.5 and 18.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE)

Overview

Multiple vulnerabilities have been reported in GitLab products, which could allow a remote attacker to cause denial of service (DoS) conditions, perform code injection and access sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using affected Gitlab Products.

Risk Assessment:

High risk of unauthorized access to sensitive data and denial of service (DoS) conditions.

Impact Assessment:

Potential for denial-of-service (DoS) conditions and unauthorized access to sensitive information.

Description

GitLab is a web-based DevOps platform that provides tools for software developments, including source code management, continuous integration and continuous deployment. It is available in both open-source Community Edition (CE) and Enterprise Edition (EE) versions.

These vulnerabilities exist in various components of GitLab community Edition (CE) and Enterprise Edition (EE) due to improper authentication, unrestricted resource allocation and code injection issues. An attacker could exploit these vulnerabilities by sending specially crafted re-quests.

Successful exploitation of these vulnerabilities could allow an attacker to cause denial of service (DoS) conditions, perform code injection and access sensitive information on the targeted system.

Solution

Apply appropriate updates as mentioned in GitLab Security Release

https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/

Vendor Information

GitLab

https://about.gitlab.com/releases/categories/releases/

References

GitLab

https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/

CVE Name

CVE-2025-2246

CVE-2025-3601

CVE-2025-4225

CVE-2025-5101

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIyBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmi4SQQACgkQ3jCgcSdc

ys+57g/1HEdM2+bq0BMJ7fId3shYLmn02fshq7fhusvNGihfDpbdOwRNfghHkmdM

PnsvgeZHKGFAoaYFZXxymSmYjY4GMPkU25FlqUqo30rXeJTGr4bVDppkE0ssOFU3

lqX/0GOwukrx69Shcd/4VLZAFibZS33SEq5duGGXZT7Yg0RZL7eHW0EyQtdtjDjU

rMzq6hmHmsP0gCko3q1EfC1v/1aU5RK3R+Aq0nxQE8loVpCRGbYPvj8/MiBoV7Nt

00gwI0pI1C9Zt2PJG49Q1MRgafIWn65TgdJ2VJ4D1D/goBZX9EVJut5edyj4FqNs

NrfqSkmAE106dyuQ1Qa4YYX6VgKkH+acj4gIxVlM+PxAuHcVkmDEiLoEktDMIYJ4

umUvIpkQoCteAD2/p7rj8RkWwSw1YX+Q1ZUN7s0MBkypqY53l6hCWJC7Skf+qoP5

kH4Y1lClMYI0tjeC4Rqr6p/JQ5RKnvciyx8yro0tYU0SkPVH31AKtoANRhlD2nrW

iAlV/cOhwyJy3/cfReQygg3X7v4Vk4anGvOgqMlVGjW1I+W41eRe08P+aIz7zvuh

KGliLj8fmZoHr5SsIEKfBUpvyYz618bSCXWcnUgBm0opkqeNalt+/OGLpUWp2zFY

FgMgk3JB81v3p6oWdQYFkTFlTJhgjPdaCi/iN3Ous3874HRveA==

=RpVq

—–END PGP SIGNATURE—–