Developer Tools

In GitLab CE/EE versions 17.9 before 17.9.6 and 17.10 before 17.10.4 a low severity vulnerability CVE-2025-2469 was detected. This vulnerability allows unauthenticated attackers to access runtime profiling data of a specific service. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.4, 17.9.6 or 17.8.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2469.

In GitLab CE/EE versions from 13.12 before 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2025-2408 was detected. This vulnerability allows attackers to bypass IP access restrictions under certain conditions and view sensitive information. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2408.

In GitLab CE/EE versions up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2025-1677 was detected. This vulnerability allows attackers to trigger a Denial of Service (DoS) by injecting oversized payloads into CI pipeline exports. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1677.

In GitLab CE/EE versions from 7.7 up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2025-0362 was detected. This vulnerability allows attackers, under certain conditions, to trick users into unintentionally authorizing sensitive actions on their behalf. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0362.

In GitLab EE versions from 17.1 up to 17.8.7, 17.9 before 17.9.6 and 17.10 before 17.10.4 a medium severity vulnerability CVE-2024-11129 was detected. This vulnerability allows attackers to perform targeted searches using sensitive keywords to retrieve the count of issues containing those terms, leading to potential information disclosure. To address this issue, users should upgrade GitLab EE to versions 17.8.7, 17.9.6 or 17.10.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11129.

In Helm versions prior to 3.17.3 a medium vulnerability CVE-2025-32387 was detected. This vulnerability allows attackers to craft a deeply nested chain of references within a JSON Schema file in a Helm chart, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. To address this issue, users should upgrade Helm to versions 3.17.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32387.

In Helm versions prior to 3.17.3 a medium severity vulnerability CVE-2025-32386 was detected. This vulnerability allows attackers to craft a chart archive file that expands significantly when uncompressed (e.g., >800x the compressed size), and when Helm loads this specially crafted chart, it can cause memory exhaustion, leading to the termination of the application. To address this issue, users should upgrade Helm to version 3.17.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32386.

In Jenkins versions 2.503 and prior, LTS 2.492.2 and prior a medium severity vulnerability CVE-2025-31721 was detected. This vulnerability allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent and gain access to encrypted secrets in its configuration. To address this issue, users should upgrade Jenkins to versions 2.504 or later, or LTS versions 2.492.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31721.

In Jenkins versions 2.503 and earlier, LTS 2.492.2 and earlier a medium severity vulnerability CVE-2025-31720 was detected. This vulnerability allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. To address this issue, users should upgrade Jenkins to versions 2.504 or later, or LTS versions 2.492.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31720.