Security vulnerabilities in Gitlab reported via bug bounty program closed
Attackers can target several vulnerabilities in Gitlab Community Edition and Enterprise Edition.
(Image: Alfa Photo/Shutterstock.com)
Important security patches have been released for the Gitlab software development platform. The developers have fixed a total of five vulnerabilities.
In a post, the Gitlab developers state that they have fixed the security problems in Gitlab Community Edition and Enterprise Edition 17.7.6, 17.8.4 and 17.9.1. The developers advise admins to update their Gitlab instances to the latest version as soon as possible. So far, there are no indications that attacks are already underway. Because Gitlab.com has already been patched, Gitlab Dedicated customers do not need to do anything.
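The practical question for an admin reading this advisory is whether a given self-managed instance is already on one of the three fixed releases for its minor branch. The following check is an added example and not Gitlab's own code: it parses a Gitlab version string (the kind returned by the `GET /api/v4/version` endpoint or shown by `gitlab-rake gitlab:env:info`, which is assumed here and supplied as a plain string so the check runs offline) and compares it against the patched versions named above. The sample inventory at the bottom is constructed for illustration.

```python
"""Compare installed Gitlab versions against the advisory's fixed releases.

Added example, not Gitlab's code. Fixed versions are taken from the
advisory text: 17.7.6, 17.8.4 and 17.9.1 (one per affected minor branch).
"""
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Patched releases from the advisory, one per minor branch
FIXED_VERSIONS = ("17.7.6", "17.8.4", "17.9.1")


def parse_version(text: str) -> Version:
    """Turn '17.8.3' or '17.8.3-ee' into (17, 8, 3).

    Gitlab appends '-ee' for Enterprise Edition builds; the suffix does not
    affect the patch level, so it is stripped before comparison.
    """
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Gitlab version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def required_fix(version: Version) -> Optional[Version]:
    """Return the patched release on the same major.minor branch, if any."""
    for fixed_text in FIXED_VERSIONS:
        fixed = parse_version(fixed_text)
        if fixed[:2] == version[:2]:
            return fixed
    return None


def assess(text: str) -> Tuple[str, str]:
    """Classify one installed version as patched / vulnerable / out of scope.

    Returns (status, explanation). Branches older than 17.7 are not covered
    by the advisory at all; they are reported separately so an operator can
    treat them as needing an upgrade rather than as silently fine.
    """
    installed = parse_version(text)
    fixed = required_fix(installed)
    if fixed is not None:
        if installed >= fixed:
            return "patched", f"{text} is at or above {'.'.join(map(str, fixed))}"
        return "vulnerable", f"{text} is below {'.'.join(map(str, fixed))}; upgrade"
    oldest_fixed = parse_version(FIXED_VERSIONS[0])
    if installed < oldest_fixed:
        return "unsupported_branch", f"{text} predates the advisory's branches; upgrade"
    return "newer_branch", f"{text} is on a branch newer than the advisory covers"


def triage(inventory: dict) -> dict:
    """Group hosts (name -> version string) by assessment status."""
    result: dict = {}
    for host, version_text in inventory.items():
        status, _ = assess(version_text)
        result.setdefault(status, []).append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts
    sample = {
        "git-prod-1": "17.8.3-ee",
        "git-prod-2": "17.8.4-ee",
        "git-staging": "17.9.1",
        "git-legacy": "17.6.2",
    }
    for host, version_text in sample.items():
        print(host, *assess(version_text))
    print(triage(sample))
```

In a real run the version string would be fetched from the instance's API with an admin token; keeping the comparison separate from the fetch makes the logic easy to test and to reuse against an inventory exported from configuration management.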
Malicious code attacks
Two vulnerabilities (CVE-2025-0475, CVE-2025-0555) are classified with a threat level of "high". In both cases, attackers can execute malicious script in a victim's browser through cross-site scripting (XSS) under certain, unspecified circumstances. It is not clear from the description whether these are persistent (stored) XSS vulnerabilities.
In the other cases, attackers can, among other things, gain access to data they are not authorized to view (CVE-2025-10925, "medium"). According to the developers, all vulnerabilities were reported via the bug bounty platform HackerOne.
The Gitlab developers last advised users to update quickly in mid-February.
(des)