Developer Tools

In Apache ActiveMQ versions from 6.0.0 before 6.1.6, 5.18.0 before 5.18.7, 5.17.0 before 5.17.7 and before 5.16.8 a medium severity vulnerability CVE-2025-27533 was detected. This vulnerability allows attackers to trigger excessive memory allocation during unmarshalling of OpenWire commands, leading to a denial of service (DoS). To address this issue, users should upgrade Apache ActiveMQ to versions 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7 or 5.16.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27533.

In GitLab CE/EE versions 12.0 before 17.9.8, 17.10 before 17.10.6 and 17.11 before 17.11.2 a medium severity vulnerability CVE-2025-1278 was detected. This vulnerability allows attackers to bypass IP access restrictions and view sensitive information under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.8, 17.10.6 or 17.11.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1278.

In GitLab CE/EE versions 17.3 before 17.9.8, 17.10 before 17.10.6 and 17.11 before 17.11.2 a medium severity vulnerability CVE-2025-0549 was detected. This vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.8, 17.10.6 or 17.11.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0549.

In GitLab CE/EE versions 17.1 before 17.9.8, 17.10 before 17.10.6 and 17.11 before 17.11.2 a medium severity vulnerability CVE-2024-8973 was detected. This vulnerability allows attackers to cause a Denial of Service (DoS) condition via GitHub import requests using a maliciously crafted payload. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.8, 17.10.6 or 17.11.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8973.

In Zitadel versions prior to 3.0.0, 2.71.9 and 2.70.10 a high severity vulnerability CVE-2025-46815 was detected. This vulnerability allows attackers with access to the application’s predefined URI to retrieve authentication tokens and user IDs by repeatedly using idp intents, enabling them to authenticate on behalf of the user. To address this issue, users should upgrade Zitadel to versions 3.0.0, 2.71.9 or 2.70.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46815.

In GitLab EE/CE versions from 16.6 before 16.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-1908 was discovered. This issue could allow an attacker to track users’ browsing activities, potentially leading to full account takeover. To address this issue, users should upgrade GitLab EE/CE to versions 16.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1908.

In GitLab CE/EE versions from 16.7 before 17.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a medium severity vulnerability CVE-2025-0639 was discovered. This issue affects service availability through the issue preview feature. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0639.

In GitLab EE versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5 and 17.11 prior to 17.11.1 a medium severity vulnerability CVE-2024-12244 was discovered. This issue in access controls may allow users to view restricted project information even when related features are disabled. To address this issue, users should upgrade GitLab EE to versions 17.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12244.

In Backstage Scaffolder plugin (permissions backend) a medium severity vulnerability CVE-2025-32791 was detected. This vulnerability allows callers to extract limited information about the conditional decisions returned by the installed permission policy in the permission backend, though there is no impact if the permission system is disabled or the policy does not use conditional decisions. To address this issue, users should upgrade Backstage Scaffolder plugin to version 0.6.0 of the permissions backend. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32791.