In Terraform Enterprise versions prior to 1.1.1 and 1.0.3, a medium-severity vulnerability, CVE-2025-13432, was detected. This vulnerability allows users with specific but insufficient permissions to create Terraform state versions in a workspace, potentially enabling infrastructure alteration if a subsequent plan operation is approved or auto-applied. To address this issue, users should upgrade Terraform Enterprise to version 1.1.1, 1.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13432.
In GitLab CE/EE versions 13.7 through 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2, a medium-severity vulnerability, CVE-2025-9825, was detected. This issue allows authenticated users without project membership to access sensitive manual CI/CD variables by querying the GraphQL API. These variables may contain confidential configuration details intended only for project members. To address this issue, users should upgrade GitLab to version 18.2.9, 18.3.4, 18.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9825.
GitLab CE/EE versions 16.7 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1 contain a medium-severity vulnerability, CVE-2025-2615. This vulnerability could allow a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections. To address this issue, users should upgrade GitLab to version 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2615.
In GitLab CE/EE versions 16.9 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a low-severity vulnerability, CVE-2025-12983, was detected. This vulnerability allows authenticated attackers to trigger a denial-of-service condition by submitting specially crafted markdown content containing nested formatting patterns. To address this issue, users should upgrade GitLab to version 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12983.
In GitLab CE/EE versions 17.9 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a low-severity vulnerability, CVE-2025-7736, was detected. This vulnerability allows authenticated attackers to bypass access control restrictions and access GitLab Pages content intended only for project members by authenticating through OAuth providers. To address this issue, users should upgrade GitLab to version 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7736.
In GitLab CE/EE versions 17.6 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a medium-severity vulnerability, CVE-2025-7000, was detected. This vulnerability could allow unauthorized users to view confidential branch names by accessing project issues associated with related merge requests under specific conditions. To address this issue, users should upgrade GitLab to version 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7000.
In GitLab EE versions 17.8 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a low-severity vulnerability, CVE-2025-6945, was detected. This vulnerability allows authenticated attackers to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. To address this issue, users should upgrade GitLab to version 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6945.
In GitLab CE/EE versions 13.2 through 18.3.5, 18.4 through 18.4.3, and 18.5 through 18.5.1, a medium-severity vulnerability, CVE-2025-6171, was detected. This vulnerability allows authenticated attackers with reporter access to view branch names and pipeline details via the packages API endpoint, even when repository access is disabled. To address this issue, users should upgrade GitLab to version 18.3.6, 18.4.4, 18.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6171.
In GitHub Enterprise Server versions prior to 3.18.1, 3.17.7, 3.16.10, 3.15.14, and 3.14.19, a high-severity vulnerability, CVE-2025-11892, was detected. This vulnerability is a DOM-based cross-site scripting (XSS) flaw in the Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers when an attacker entices a user in sudo mode to click a crafted link. To fix this vulnerability, users should upgrade GitHub Enterprise Server to version 3.18.1, 3.17.7, 3.16.10, 3.15.14 or 3.14.19 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11892.