Gitlab security vulnerabilities: downgraded admins retain far-reaching rights
Several vulnerabilities threaten the Gitlab software development platform. Patched versions that close the gaps are available for download.
Attackers can exploit seven vulnerabilities in Gitlab Community Edition and Enterprise Edition. According to the provider, secure editions are already running on Gitlab.com. So far, there are no reports of ongoing attacks. However, admins should not wait too long to install the security patches.
Standard user with admin rights
In a security advisory, the developers write that three vulnerabilities (CVE-2025-2255, CVE-2025-0811, CVE-2025-2242) are classified with a "high" threat level. The first two are cross-site scripting (XSS) vulnerabilities through which attackers can execute their own script code. It is not clear from the description whether these are persistent XSS vulnerabilities.
The third of these vulnerabilities is a flaw in the assignment of rights: if an admin is downgraded to a normal user, the admin rights are retained. By successfully exploiting the remaining gaps, attackers can view data without authorization.
The developers assure us that they have closed the gaps in versions 17.8.6, 17.9.3 and 17.10.1.
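Two checks a Gitlab operator would want after reading this advisory, as an added example that is not part of the article and not code from Gitlab: first, whether an installed version is at or above the fixed release of its own branch (17.8.6, 17.9.3, 17.10.1 as named above), and second, whether the set of accounts that still carry the admin flag matches the intended admin list, so that a downgraded admin whose rights were never actually removed shows up. The user records mimic the `username` and `is_admin` fields of Gitlab's users API, but the sample data is constructed; the assumption that release branches newer than 17.10 contain the fix is labelled in the code. The article does not say by which code path the rights are retained, so the flag comparison is a baseline audit, not a substitute for installing the patch.

```python
"""Post-advisory checks for a Gitlab instance (added example, not from the
article or from Gitlab): version-vs-fixed-release and admin-flag drift."""
from typing import Iterable

# Fixed releases named in the advisory, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (17, 8): (17, 8, 6),
    (17, 9): (17, 9, 3),
    (17, 10): (17, 10, 1),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; a trailing suffix such as '-ee' is tolerated."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Gitlab version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_patched(version: str) -> bool:
    """True if `version` is at or above the fixed release of its own branch.

    Branches older than 17.8 received no fix in this advisory and are reported
    as unpatched. Assumption (not stated in the article): branches newer than
    17.10 were cut after the fix and therefore carry it.
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        return (major, minor, patch) >= FIXED_VERSIONS[branch]
    return branch > max(FIXED_VERSIONS)


def audit_admins(users: Iterable[dict], intended_admins: Iterable[str]) -> dict:
    """Compare who effectively holds the admin flag with who is meant to.

    `users` are records shaped like Gitlab's users API output (`username`,
    `is_admin`). Anyone flagged admin but absent from the intended list is a
    finding: either a downgrade that did not take effect or a right that was
    never revoked. Intended admins without the flag are reported too, so the
    role register and the instance can be reconciled in one pass.
    """
    intended = set(intended_admins)
    effective = {u["username"] for u in users if u.get("is_admin")}
    return {
        "unexpected_admins": sorted(effective - intended),
        "missing_admins": sorted(intended - effective),
    }


# Constructed sample data: three accounts and a role register that says only
# 'root' and 'bob' should be admins. 'former_admin' was downgraded on paper
# but still carries the flag, which is exactly the drift the audit surfaces.
SAMPLE_USERS = [
    {"username": "root", "is_admin": True},
    {"username": "alice", "is_admin": False},
    {"username": "former_admin", "is_admin": True},
]
INTENDED_ADMINS = ["root", "bob"]


def run_checks(version: str = "17.9.2-ee") -> dict:
    """Bundle both checks into one report for the operator."""
    return {
        "version": version,
        "patched": is_patched(version),
        "admin_audit": audit_admins(SAMPLE_USERS, INTENDED_ADMINS),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

In practice the `SAMPLE_USERS` list would be replaced by the JSON returned from the instance's users endpoint and `INTENDED_ADMINS` by the organisation's role register; an unexpected admin is a reason to re-apply the downgrade on the patched version and to invalidate that account's sessions and tokens.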
(des)