PT-2025-25288 · Gitlab · Gitlab Ce/Ee
Published 2025-06-11 · Updated 2025-07-27 · CVE-2025-2254
CVSS v3.1: 8.7 (High)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 17.9 through 17.10.7
GitLab CE/EE versions 17.11 through 17.11.3
GitLab CE/EE versions 18.0 through 18.0.1
Description
The issue is caused by improper output encoding in the snippet viewer functionality, leading to cross-site scripting (XSS). A remote attacker can use it to inject code that runs in the context of another user's browser session.
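The weakness class named above (user-supplied snippet content rendered without output encoding) is shown below with an added, self-contained example. This is illustrative code written for this page, not GitLab's snippet viewer; the function names, the constructed sample snippet and the simple tag check are assumptions for the demonstration.

```javascript
// Added illustrative example, not code from GitLab.
// A snippet viewer takes user-saved content and renders it into the page.
// If the content is concatenated into markup unencoded, any HTML or script
// inside it becomes part of the page (cross-site scripting).

// Constructed sample: snippet text that carries markup after a closing tag.
const SAMPLE_SNIPPET =
  'console.log("hi"); </code><script>/* attacker-controlled */</script>';

// Vulnerable render (hypothetical): raw content interpolated into HTML.
function renderSnippetUnsafe(content) {
  return `<pre><code>${content}</code></pre>`;
}

// Output encoding for the HTML text/attribute context: replace every
// character that can change the meaning of the surrounding markup.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened render: encode before interpolation, so the snippet is shown
// as text and never parsed as markup.
function renderSnippetSafe(content) {
  return `<pre><code>${escapeHtml(content)}</code></pre>`;
}

// Check used for the comparison: after removing the wrapper we wrote
// ourselves, does any tag-like sequence remain in the rendered output?
function containsForeignTag(html) {
  const inner = html
    .replace(/^<pre><code>/, '')
    .replace(/<\/code><\/pre>$/, '');
  return /<[a-zA-Z!/]/.test(inner);
}

// Stand-alone demonstration.
console.log('unsafe leaks markup:', containsForeignTag(renderSnippetUnsafe(SAMPLE_SNIPPET)));
console.log('safe leaks markup:  ', containsForeignTag(renderSnippetSafe(SAMPLE_SNIPPET)));
```

When the rendering happens in the browser, the same effect is obtained by assigning the snippet to `element.textContent` rather than `innerHTML`; the string-based `escapeHtml` above is what a server-side template must apply when it emits user content into HTML.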
Recommendations
For GitLab CE/EE versions 17.9 through 17.10.7, update to version 17.10.8.
For GitLab CE/EE versions 17.11 through 17.11.3, update to version 17.11.4.
For GitLab CE/EE versions 18.0 through 18.0.1, update to version 18.0.2.
Exploit · Fix · XSS
Affected Products: Gitlab Ce/Ee