PT-2025-3825 · Gitlab · Gitlab Ce/Ee+1

Published: 2025-01-07 · Updated: 2025-08-05 · CVE-2025-0314

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 17.2 through 17.6.4
GitLab CE/EE versions 17.7 through 17.7.3
GitLab CE/EE versions 17.8 through 17.8.1

Description

An issue has been discovered in GitLab CE/EE where improper rendering of certain file types leads to cross-site scripting. This issue can be exploited to compromise the security of GitLab instances. The vulnerability manifests as stored cross-site scripting (XSS), resource exhaustion, and exfiltration of protected CI/CD variables. A significant number of Internet users may be potentially affected.

Recommendations

For versions 17.2 through 17.6.4, update to version 17.6.4 or later to prevent potential attacks.
For versions 17.7 through 17.7.3, update to version 17.7.3 or later to prevent potential attacks.
For versions 17.8 through 17.8.1, update to version 17.8.1 or later to prevent potential attacks.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-05793
BIT-GITLAB-2025-0314
CVE-2025-0314

Affected Products

Gitlab
Gitlab Ce/Ee