In Zitadel versions prior to 2.71.0 a critical severity vulnerability CVE-2025-27507 was detected. This vulnerability allows authenticated users, without specific IAM roles, to modify sensitive settings due to Insecure Direct Object Reference (IDOR) issues in the Admin API, with the most critical impact being the ability to manipulate LDAP configurations. However, customers who do not utilize LDAP for authentication are not at risk from the most severe aspects of this vulnerability. To address this issue, users should upgrade Zitadel to versions 2.71.0, 2.70.1, 2.69.4, 2.68.4, 2.67.8, 2.66.11, 2.65.6, 2.64.5 or 2.63.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27507.
In GitLab EE versions 16.6 prior to 16.7.6, 17.8 prior to 17.8.4 and 17.9 prior to 17.9.1 a high severity vulnerability CVE-2025-0555 was detected. This vulnerability allows attackers to bypass security controls and execute arbitrary scripts in a user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.1, 17.8.4 or 17.7.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0555.
In GitLab CE/EE versions 15.10 prior to 17.7.6, 17.8 prior to 17.8.4 and 17.9 prior to 17.9.1 a high severity vulnerability CVE-2025-0475 was detected. This vulnerability allows attackers to exploit the proxy feature, potentially leading to unintended content rendering and cross-site scripting (XSS) under specific circumstances. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.1, 17.8.4 or 17.7.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0475.
In GitLab EE versions 16.2 prior to 17.7.6, 17.8 prior to 17.8.4 and 17.9 prior to 17.9.1 a medium severity vulnerability CVE-2024-10925 was detected. This vulnerability allows attackers to access and view sensitive security configurations in the system. To fix this issue, users should upgrade GitLab EE to versions 17.7.6, 17.8.4 or 17.9.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10925.
In GitLab CE/EE versions 16.6 before 17.7.6, 17.8 before 17.8.4 and 17.9 before 17.9.1 a medium severity vulnerability CVE-2024-8186 was detected. This vulnerability allows attackers to inject HTML into the child item search, potentially leading to cross-site scripting (XSS) in certain situations. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.1, 17.8.4 or 17.7.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8186.
In GitLab EE versions 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2025-1042 was detected. This vulnerability allows attackers to view repositories in an unauthorized way due to an insecure direct object reference. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1042.
In GitLab CE/EE versions 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2025-1198 was detected. This vulnerability allows revoked Personal Access Tokens to maintain access to streaming results due to long-lived connections in ActionCable. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1198.
In GitLab CE/EE versions 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2025-1212 was detected. This vulnerability allows attackers to send crafted requests to a backend server to reveal sensitive information. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1212.
In GitLab EE versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2024-3303 was detected. This vulnerability allows attackers to exfiltrate the contents of a private issue using prompt injection. To address this issue, users should upgrade GitLab EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-3303.