Developer Tools

In GitLab CE/EE versions from 15.7 before 17.11.6, 18.0 before 18.0.4 and 18.1 before 18.1.2 a medium severity vulnerability CVE-2025-5819 was detected. This vulnerability allows authenticated users with developer access to obtain ID tokens for protected branches under certain conditions, due to incorrect permission assignment for a critical resource. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5819.

In GitLab CE/EE versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-2937 was detected. This vulnerability allows authenticated users to cause a denial of service condition by sending specially crafted markdown payloads to the Wiki feature due to inefficient regular expression complexity. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2937.

In GitLab EE versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4 and 18.2 prior to 18.2.2 a medium severity vulnerability CVE-2025-2498 was detected. This vulnerability allows users, under certain conditions, to view assigned issues from restricted groups by bypassing IP restrictions due to insufficient granularity of access control. To address this issue, users should upgrade GitLab EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2498.

In GitLab CE/EE versions from 11.6 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-2614 was detected. This vulnerability allows authenticated users to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed, due to lack of proper throttling or resource limits. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2614.

In GitLab CE/EE versions from 8.14 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-1477 was detected. This vulnerability allows unauthenticated users to cause a denial of service condition by sending specially crafted payloads to specific integration API endpoints, due to lack of proper resource limits and throttling. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1477.

In GitLab EE versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4 and 18.2 prior to 18.2.2 a medium severity vulnerability CVE-2025-8770 was detected. This vulnerability allows authenticated attackers with specific access to bypass merge request approval policies by manipulating approval rule identifiers. To address this issue, users should upgrade GitLab EE to versions 18.0.6, 18.1.4 or 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8770.

In GitLab CE/EE versions from 18.2 before 18.2.2 a high severity vulnerability CVE-2025-7739 was detected. This vulnerability allows authenticated attackers to achieve stored cross-site scripting (XSS) by injecting malicious HTML content in scoped label descriptions. To address this issue, users should upgrade GitLab CE/EE to version 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7739.

In GitLab CE/EE versions 14.2 through 17.11.x before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 a high severity vulnerability CVE-2025-7734 was detected. This vulnerability allows attackers, under certain conditions, to inject malicious content that could execute actions on behalf of users due to improper neutralization of input during web page generation (Cross-Site Scripting). To address this issue, users should upgrade GitLab CE/EE to versions 18.0.6, 18.1.4 or 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7734.

In GitLab CE/EE versions from 18.1 before 18.1.4 and 18.2 before 18.2.2 a high severity vulnerability CVE-2025-6186 was detected. This vulnerability allows authenticated attackers to perform account takeover by injecting malicious HTML into work item names, due to improper neutralization of input during web page generation. To address this issue, users should upgrade GitLab CE/EE to versions 18.1.4 or 18.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6186.