Security patches: Attackers can anchor malicious code on GitLab servers
The GitLab developers have closed a total of twelve security vulnerabilities. Attackers can compromise systems.
Attackers can exploit several vulnerabilities in the GitLab software development platform. The Community and Enterprise editions are affected. Security updates are available.
Secure instances
In a warning message, those responsible assure users that GitLab.com is already secured. They recommend that admins of on-premise instances install the repaired versions 18.0.6, 18.1.4 or 18.2.2 as soon as possible. There is still no information on whether attacks are already underway.
Four vulnerabilities (CVE-2025-7734, CVE-2025-7739, CVE-2025-6186, CVE-2025-8094) are classified as “high.” Attackers can primarily use these vulnerabilities for XSS attacks. In one case, they can even store malicious code permanently on vulnerable servers (stored XSS).
In the other cases, authentication can be bypassed (CVE-2024-10219 “medium”). In addition to closing security gaps, the developers have also fixed several bugs in the current releases.
Most recently, security updates have protected GitLab against possible account takeovers.
(des)