In GitLab CE/EE versions 17.1 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a high severity vulnerability CVE-2025-8405 was detected. This vulnerability allows authenticated users to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8405.
In GitLab CE/EE versions 11.10 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a high severity vulnerability CVE-2025-4097 was detected. This vulnerability allows authenticated users to trigger a denial-of-service condition by uploading specially crafted images. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4097.
In GitLab CE/EE versions 18.4 prior to 18.4.5, 18.5 prior to 18.5.3 and 18.6 prior to 18.6.1 a high severity vulnerability CVE-2024-9183 was detected. This vulnerability allows authenticated attackers, under specific conditions, to exploit a time-of-check time-of-use (TOCTOU) race condition to obtain credentials from higher-privileged users and perform unauthorized actions in their context. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.5, 18.5.3 or 18.6.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9183.
In Nexus Repository versions 3.83.0 through 3.83.x a medium severity vulnerability CVE-2025-13488 was detected. Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This vulnerability allows an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability in the context of the user. To address this issue, users should upgrade Nexus Repository to version 3.84.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13488.
In GitLab CE/EE versions 13.2 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 a low severity vulnerability CVE-2025-13611 was detected. This vulnerability allows authenticated users with access to certain logs to obtain sensitive tokens under specific conditions due to improper handling of sensitive information in log files. To address this issue, users should upgrade GitLab to versions 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13611.
In GitLab CE/EE versions 18.3 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 a medium severity vulnerability CVE-2025-12653 was detected. This vulnerability could allow unauthenticated users to join arbitrary organizations by manipulating headers in certain requests under specific conditions. To address this issue, users should upgrade GitLab to versions 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12653.
In GitLab CE/EE versions 8.3 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 a medium severity vulnerability CVE-2025-7449 was detected. This vulnerability allows authenticated users with specific permissions to cause a denial of service (DoS) condition through HTTP response processing. To address this issue, users should upgrade GitLab to versions 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7449.
In GitLab CE/EE versions 17.10 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 a high severity vulnerability CVE-2025-12571 was detected. This vulnerability allows unauthenticated users to cause a denial of service (DoS) by sending specially crafted requests containing malicious JSON payloads. To address this issue, users should upgrade GitLab to versions 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12571.
In GitLab EE versions 13.7 through 18.4.4, 18.5 through 18.5.2, and 18.6 before 18.6.1 a medium severity vulnerability CVE-2025-6195 was detected. This vulnerability could allow authenticated users to view information from security reports under certain configuration conditions. To address this issue, users should upgrade GitLab to versions 18.4.5, 18.5.3, 18.6.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6195.