GitLab: Attackers can create wiki pages with malware
Security patches close multiple vulnerabilities in the GitLab development environment.
The DevSecOps platform GitLab is vulnerable: its developers have closed several security vulnerabilities in new releases. In the worst case, attackers could compromise systems.
In a security advisory, the developers state that they have closed a total of ten security vulnerabilities in versions 18.4.6, 18.5.4 and 18.6.2. Four of these are rated "high" severity (CVE-2025-12716, CVE-2025-8405, CVE-2025-12029, CVE-2025-12562). According to GitLab, the patched versions are already running on GitLab.com.
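As an added example (not code from GitLab or from the article), here is a small Python check that compares the version reported by a GitLab instance against the fixed releases named above. The `GET /api/v4/version` endpoint it reads from is GitLab's real version endpoint and needs an authenticated token; the sample response below is constructed, and the assumption that a later 18.x series already carries these fixes is the example's own.

```python
"""Check a GitLab version string against the patched releases from the advisory.

Added example; not GitLab's own code. Fixed versions are taken from the advisory
(18.4.6, 18.5.4, 18.6.2). Any series newer than 18.6 is assumed to include the
fixes (an assumption of this example, not a statement from the advisory).
"""
import json
import re
import urllib.request
from typing import Dict, Tuple

# Minor series -> first patch level that contains the fixes (from the advisory).
FIXED: Dict[Tuple[int, int], int] = {(18, 4): 6, (18, 5): 4, (18, 6): 2}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from strings such as '18.6.1' or '18.6.1-ee'."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unsupported' for a GitLab version.

    'unsupported' means the series is older than any release the advisory fixed,
    so the only remedy is an upgrade to a fixed series.
    """
    major, minor, patch = parse_version(version)
    series = (major, minor)
    if series in FIXED:
        return "patched" if patch >= FIXED[series] else "vulnerable"
    if series > max(FIXED):
        # Assumption of this example: newer series already ship the fixes.
        return "patched"
    return "unsupported"


def version_from_api_response(body: dict) -> str:
    """GET /api/v4/version returns {"version": "...", "revision": "..."}."""
    return body["version"]


def fetch_version(base_url: str, token: str) -> str:
    """Query a live instance (requires a token with read_api scope).

    Not exercised offline; shown for completeness of the check.
    """
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return version_from_api_response(json.load(resp))


if __name__ == "__main__":
    # Constructed sample response standing in for a real API call.
    sample_response = {"version": "18.6.1-ee", "revision": "deadbeef"}
    reported = version_from_api_response(sample_response)
    print(f"{reported}: {assess(reported)}")
```

Run against a live instance with `fetch_version("https://gitlab.example.com", token)` in place of the constructed sample; a result of `vulnerable` or `unsupported` means the instance is still below the fixed release for its series.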
Various Dangers
If attackers successfully exploit these vulnerabilities, they can, among other things, inject malicious code into wiki pages or into the code flow display. In both cases, however, the attacker must already be authenticated. Other flaws allow denial-of-service (DoS) attacks that can crash the instance. So far, there are no indications of attacks in the wild.
The remaining vulnerabilities can lead to information leaks, among other things.
GitLab's developers last closed several security vulnerabilities at the end of November.
(des)