PT-2025-46788 · Unknown · Gitlab Ce/Ee

Published: 2025-11-13 · Updated: 2026-01-16 · CVE-2025-11224

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: GitLab versions 3.1 through 7.7

Description: Multiple vulnerabilities exist in GitLab CE and EE, including Cross-Site Scripting (XSS), Information Disclosure, and Prompt Injection. These issues could potentially lead to a compromise of systems. A high-severity XSS flaw (CVE-2025-11224) specifically poses a risk of Kubernetes proxy session hijacking. The number of potentially affected devices worldwide is not specified. The API endpoints and vulnerable parameters are not specified.

Recommendations: Update to a newer version of GitLab to address these vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2025-11224
CVE-2025-11224

Affected Products

Gitlab Ce/Ee