Developer Tools

In GitLab CE/EE versions from 10.2 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-3111 was detected. This vulnerability is due to insufficient input validation in the Kubernetes integration, allowing an authenticated user to cause a denial of service. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3111.

In GitLab CE/EE versions before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-2853 was detected. This vulnerability stems from insufficient validation, allowing an authenticated user to cause a denial of service condition. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2853.

In GitLab CE/EE versions from 18.0 before 18.0.1 a low severity vulnerability CVE-2025-1110 was detected. This vulnerability allows a user with limited permissions to access job data through a crafted GraphQL query under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1110.

In Apache ActiveMQ versions from 6.0.0 before 6.1.6, 5.18.0 before 5.18.7, 5.17.0 before 5.17.7 and before 5.16.8 a medium severity vulnerability CVE-2025-27533 was detected. This vulnerability allows attackers to trigger excessive memory allocation during unmarshalling of OpenWire commands, leading to a denial of service (DoS). To address this issue, users should upgrade Apache ActiveMQ to versions 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7 or 5.16.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27533.

In GitLab CE/EE versions 12.0 before 17.9.8, 17.10 before 17.10.6 and 17.11 before 17.11.2 a medium severity vulnerability CVE-2025-1278 was detected. This vulnerability allows attackers to bypass IP access restrictions and view sensitive information under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.8, 17.10.6 or 17.11.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1278.

In GitLab CE/EE versions 17.3 before 17.9.8, 17.10 before 17.10.6 and 17.11 before 17.11.2 a medium severity vulnerability CVE-2025-0549 was detected. This vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.8, 17.10.6 or 17.11.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0549.

In GitLab CE/EE versions 17.1 before 17.9.8, 17.10 before 17.10.6 and 17.11 before 17.11.2 a medium severity vulnerability CVE-2024-8973 was detected. This vulnerability allows attackers to cause a Denial of Service (DoS) condition via GitHub import requests using a maliciously crafted payload. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.8, 17.10.6 or 17.11.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8973.

In Zitadel versions prior to 3.0.0, 2.71.9 and 2.70.10 a high severity vulnerability CVE-2025-46815 was detected. This vulnerability allows attackers with access to the application’s predefined URI to retrieve authentication tokens and user IDs by repeatedly using idp intents, enabling them to authenticate on behalf of the user. To address this issue, users should upgrade Zitadel to versions 3.0.0, 2.71.9 or 2.70.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46815.

In GitLab EE/CE versions from 16.6 before 16.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-1908 was discovered. This issue could allow an attacker to track users’ browsing activities, potentially leading to full account takeover. To address this issue, users should upgrade GitLab EE/CE to versions 16.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1908.