In GitLab CE/EE versions 15.6 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1, a low-severity vulnerability, CVE-2025-12734, was detected. This vulnerability allows authenticated users to leak sensitive information by exploiting improper encoding or escaping in specially crafted merge request titles. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12734.
In GitLab CE/EE versions 18.4 prior to 18.4.6, 18.5 prior to 18.5.4, and 18.6 prior to 18.6.2, a high-severity vulnerability, CVE-2025-12716, was detected. This vulnerability allows authenticated users to perform unauthorized actions on behalf of other users by creating wiki pages containing malicious content, due to improper neutralization of input during web page generation (XSS). To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12716.
In GitLab CE/EE versions 11.10 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1, a high-severity vulnerability, CVE-2025-12562, was detected. This vulnerability allows unauthenticated users to cause a denial-of-service condition by sending crafted GraphQL queries that bypass query complexity limits, leading to uncontrolled resource consumption. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12562.
In GitLab CE/EE versions 17.5 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1, a medium-severity vulnerability, CVE-2025-13978, was detected. This vulnerability allows authenticated users to obtain the names of private projects they do not have access to via API error messages, potentially exposing sensitive project information. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13978.
In GitLab CE/EE versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2, a medium-severity vulnerability, CVE-2025-14157, was detected. This vulnerability allows authenticated users to trigger a denial-of-service condition by sending crafted API requests containing excessively large content parameters, leading to uncontrolled resource consumption. To address this issue, users should upgrade GitLab CE/EE to versions 18.6.2, 18.5.4 or 18.4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-14157.