Developer Tools

In GitLab EE versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-7691 was detected. This privilege escalation issue could allow a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities. To address this issue, users should upgrade GitLab EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7691.

In GitLab CE/EE versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 a low severity vulnerability CVE-2025-5069 was detected. This issue could allow an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim’s project. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5069.

In GitLab CE/EE versions from 17.2 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-11042 was detected. This vulnerability allows attackers to cause uncontrolled CPU consumption through specific GraphQL queries, potentially resulting in a Denial of Service (DoS) condition. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11042.

In GitLab EE versions from 16.6 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-10871 was detected. This vulnerability allows Project Maintainers to exploit missing authorization checks and assign custom roles with permissions exceeding their own, effectively escalating their privileges. To address this issue, users should upgrade GitLab EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10871.

In GitLab CE/EE versions from 17.4 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a medium severity vulnerability CVE-2025-10868 was detected. This vulnerability allows attackers to exploit certain string conversion methods, causing performance degradation when processing large inputs. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10868.

In GitLab CE/EE versions from 18.1 before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a low severity vulnerability CVE-2025-10867 was detected. This vulnerability allows authenticated users to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10867.

In GitLab CE/EE versions before 18.2.7, 18.3 before 18.3.3 and 18.4 before 18.4.1 a high severity vulnerability CVE-2025-10858 was detected. This vulnerability allows unauthenticated users to cause a Denial of Service (DoS) condition by uploading specially crafted large JSON files. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.7, 18.3.3, 18.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10858.

In Jenkins versions 2.527 and earlier, and LTS 2.516.2 and earlier a medium severity vulnerability CVE-2025-59476 was detected. This vulnerability allows attackers to forge log entries by injecting line break characters into user-controlled log message content, potentially misleading administrators reviewing logs. To address this issue users must upgrade to Jenkins weekly 2.528 and to Jenkins LTS 2.516.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59476.

In Jenkins versions 2.527 and earlier, and LTS 2.516.2 and earlier a medium severity vulnerability CVE-2025-59475 was detected. This vulnerability allows attackers without Overall/Read permission to obtain limited information about Jenkins configuration by listing available options in the user profile dropdown menu. To fix this problem, users should upgrade Jenkins to version 2.528 and Jenkins LTS to version 2.516.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-59475.