SB2025061214 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Published: June 12, 2025
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Stored cross-site scripting (CVE-ID: CVE-2025-4278)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the search page. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Cross-site scripting (CVE-ID: CVE-2025-2254)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the snippet viewer. A remote user can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
3) Missing Authorization (CVE-ID: CVE-2025-5121)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to missing authorization. A remote user can inject a specially crafted CI/CD job into all future CI/CD pipelines of any project.
4) Infinite loop (CVE-ID: CVE-2025-0673)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop. A remote attacker can consume all available system resources and cause denial of service conditions.
5) Input validation error (CVE-ID: CVE-2025-1516)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within unbounded Webhook token names. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2025-1478)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within unbounded Board Names. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
7) Information disclosure (CVE-ID: CVE-2024-9512)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can send a timed clone request when a secondary node is out of sync and clone a legitimate user’s private repository.
8) Input validation error (CVE-ID: CVE-2025-5996)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within uncontrolled HTTP response processing. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
9) Information disclosure (CVE-ID: CVE-2025-5195)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can access arbitrary compliance frameworks and gain unauthorized access to sensitive information on the system.
10) Information disclosure (CVE-ID: CVE-2025-5982)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can bypass IP access restrictions and gain unauthorized access to sensitive information on the system.
Remediation
Install the update from the vendor's website.