
[CIVN-2025-0245] Multiple Vulnerabilities in GitLab
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in GitLab
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
GitLab versions prior to 18.4.1, 18.3.3 and 18.2.7 for Community Edition (CE) and Enterprise Edition (EE).
Overview
Multiple vulnerabilities have been reported in GitLab, which could be exploited by an attacker to gain access to sensitive information, cause a denial-of-service (DoS) condition, execute cross-site scripting (XSS) attacks or obtain escalated privileges on the affected system.
Target Audience:
All organizations and individuals using GitLab.
Risk Assessment:
High Risk of unauthorized access to data and system instability.
Impact Assessment:
Potential exposure to data theft, sensitive information disclosure and system crash.
Description
GitLab is a web-based DevOps platform that provides tools for software development, including source code management, continuous integration and continuous deployment. It is available in both open-source Community Edition (CE) and Enterprise Edition (EE) versions.
Multiple vulnerabilities exist in GitLab which could be exploited by an attacker by sending a specially crafted request to the targeted system.
Successful exploitation of these vulnerabilities could allow an attacker to gain access to sensitive information, cause a denial-of-service (DoS) condition, execute cross-site scripting (XSS) attacks or obtain escalated privileges on the affected system.
Solution
Apply appropriate updates as mentioned in GitLab Security release:
https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/
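The following is an added example, not part of the CERT-In advisory or GitLab's own tooling, that turns the "Software Affected" range above into a check an administrator can run against an instance's reported version. It assumes the fixed versions listed in this advisory (18.4.1, 18.3.3, 18.2.7), treats any release line older than 18.2 as affected and any line newer than 18.4 as shipped after the fix, and parses the JSON shape returned by GitLab's `GET /api/v4/version` endpoint; the sample API response and version strings are constructed for illustration.

```python
import json
import re
from typing import Optional, Tuple

# Fixed versions listed in the advisory (CIVN-2025-0245). Each 18.x release
# line is patched at the patch level shown; anything older in that line
# is affected.
FIXED_VERSIONS = {
    (18, 4): (18, 4, 1),
    (18, 3): (18, 3, 3),
    (18, 2): (18, 2, 7),
}
OLDEST_FIXED = min(FIXED_VERSIONS.values())  # (18, 2, 7)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse MAJOR.MINOR.PATCH from strings such as '18.3.2-ee' or '18.4.1'.

    Edition suffixes (-ee, -ce) and any trailing build metadata are ignored.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version_text: str) -> bool:
    """True if this GitLab version falls inside the advisory's affected range."""
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is not None:
        # A patched release line: affected only below the fixed patch level.
        return (major, minor, patch) < fixed
    # Lines not listed: anything older than 18.2 predates all three fixes
    # (assumption: still affected); anything newer than 18.4 shipped after
    # the fixes and is treated as not affected.
    return (major, minor, patch) < OLDEST_FIXED


def required_update(version_text: str) -> Optional[str]:
    """Minimum fixed version for this release line, or None if already fixed.

    For lines older than 18.2 the lowest fixed version is returned; the
    multi-step upgrade path GitLab requires is outside this check.
    """
    if not is_affected(version_text):
        return None
    major, minor, _ = parse_version(version_text)
    fixed = FIXED_VERSIONS.get((major, minor), OLDEST_FIXED)
    return ".".join(str(n) for n in fixed)


def version_from_api_response(body: str) -> str:
    """Extract the version string from a GET /api/v4/version JSON body."""
    data = json.loads(body)
    if "version" not in data:
        raise ValueError("response has no 'version' field")
    return data["version"]


if __name__ == "__main__":
    # Constructed sample of what /api/v4/version returns (revision is a placeholder).
    sample_response = '{"version": "18.3.2-ee", "revision": "<placeholder>"}'
    running = version_from_api_response(sample_response)
    if is_affected(running):
        print(f"{running}: AFFECTED, update to at least {required_update(running)}")
    else:
        print(f"{running}: not in the affected range")
```

In practice the JSON body comes from `curl -H "PRIVATE-TOKEN: <token>" https://<your-gitlab>/api/v4/version` (the endpoint requires authentication) or from the version shown at `/help` on the instance; feed that string to `is_affected` to decide whether the patch release applies.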
Vendor Information
GitLab
https://about.gitlab.com/releases/
References
GitLab
https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/
CVE Name
CVE-2025-5069
CVE-2025-7691
CVE-2025-8014
CVE-2025-9642
CVE-2025-9958
CVE-2025-10858
CVE-2025-10867
CVE-2025-10868
CVE-2025-10871
CVE-2025-11042
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
=QTV2
-----END PGP SIGNATURE-----