CVE-2025-0376
CVSS 3.1 Score 8.7 of 10 (high)
Details
Summary
CVE-2025-0376 is a critical Cross-Site Scripting (XSS) vulnerability affecting GitLab CE/EE versions 13.3 to 17.8.2. Versions prior to 17.6.5, 17.7.4, and 17.8.1 are also impacted. The issue allows an attacker to inject malicious code into a change page, which could let the attacker gain unauthorized access and perform malicious actions. Successful exploitation could lead to data theft, account takeover, or other unintended system behavior. Users are strongly advised to upgrade their GitLab instances to the latest patched versions as soon as possible to mitigate the risk.
Affected Products
- GitLab
Affected Vendors
- GitLab Inc.