GitLab has released critical security patches addressing 12 vulnerabilities across versions 18.2.2, 18.1.4, and 18.0.6 for both Community Edition (CE) and Enterprise Edition (EE).
The vulnerabilities include multiple high-severity cross-site scripting (XSS) vulnerabilities that could enable account takeover attacks and unauthorized code execution on behalf of users.
GitLab.com has already implemented the patches, while self-managed installations require immediate upgrades to prevent potential exploitation.
Three high-severity XSS vulnerabilities pose significant risks to GitLab installations. CVE-2025-7734 affects the blob viewer component across all versions from 14.2, allowing attackers to execute malicious actions on behalf of users through injected content.
This vulnerability carries a CVSS score of 8.7 (high severity) and could allow complete account compromise.
CVE-2025-7739 specifically targets GitLab 18.2 installations, enabling authenticated users to achieve stored XSS by injecting malicious HTML content into scoped label descriptions.
The vulnerability allows persistent attacks that could affect multiple users viewing the compromised labels. Similarly, CVE-2025-6186 affects work item names in versions 18.1 and 18.2, potentially enabling account takeover through malicious HTML injection.
All three vulnerabilities were discovered through GitLab’s HackerOne bug bounty program, demonstrating active exploitation attempts.
The stored nature of these XSS vulnerabilities makes them particularly dangerous, as malicious payloads persist within the application and can affect multiple users over extended periods.
Attackers could leverage these vulnerabilities to steal session tokens, perform unauthorized actions, or redirect users to malicious websites.
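The stored XSS pattern described above comes down to user-controlled text (a label description, a work item name) being placed into a page without output encoding. The following Ruby example is added here to illustrate that failure mode and its fix; it is not GitLab code, and the helper names, the rendering template and the sample description are constructed for the demonstration. It also includes a simple scan over stored text that a defender could use to look for markup in fields that should hold plain text.

```ruby
require "cgi"

# Constructed sample: a label description as an authenticated user could submit it.
# (Hypothetical input for the demonstration, not a payload taken from the advisory.)
UNTRUSTED_DESCRIPTION = 'Release blocker <script>alert(1)</script>'

# Vulnerable rendering: the description is interpolated into HTML verbatim, so any
# markup it contains becomes part of the page for every user who views the label.
def render_label_vulnerable(name, description)
  "<span class=\"label\" title=\"#{description}\">#{name}</span>"
end

# Hardened rendering: every untrusted value is HTML-escaped before it reaches the
# template. CGI.escapeHTML turns <, >, &, " and ' into entities, so the browser
# shows the text instead of interpreting it.
def render_label_safe(name, description)
  safe_name = CGI.escapeHTML(name.to_s)
  safe_desc = CGI.escapeHTML(description.to_s)
  "<span class=\"label\" title=\"#{safe_desc}\">#{safe_name}</span>"
end

# Defender-side check: flag stored text that contains active HTML constructs.
# Useful for auditing existing label descriptions or work item names after a
# stored XSS fix, since the patch stops new injection but old data may remain.
SUSPICIOUS_MARKUP = /<\s*(script|iframe|object|embed|svg)\b|\bon\w+\s*=|javascript:/i

def suspicious_markup?(text)
  !!(text.to_s =~ SUSPICIOUS_MARKUP)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{render_label_vulnerable('priority::high', UNTRUSTED_DESCRIPTION)}"
  puts "safe:       #{render_label_safe('priority::high', UNTRUSTED_DESCRIPTION)}"
  puts "flagged:    #{suspicious_markup?(UNTRUSTED_DESCRIPTION)}"
end
```

Escaping at render time is the baseline; in a Rails application the same effect comes from letting the template engine escape by default and never marking user-supplied strings as safe. The audit regex is deliberately broad and will produce false positives on legitimate text that mentions tags, so treat its hits as leads to review rather than confirmed payloads.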
Beyond XSS vulnerabilities, the patches address several critical permission and authorization issues.
CVE-2025-8094 allows users with maintainer privileges to cause denial of service against CI/CD pipelines by manipulating shared infrastructure resources beyond their intended access level. This vulnerability affects versions 18.0 through 18.2.2 and carries a CVSS score of 7.7.
CVE-2024-12303 presents a privilege escalation risk, enabling users to delete confidential issues by exploiting role-specific permissions during user invitation processes.
The vulnerability affects versions from 17.7 onwards and demonstrates how seemingly routine operations can be weaponized for unauthorized access.
Additional medium-severity vulnerabilities include CVE-2024-10219, which allows unauthorized artifact downloads through API endpoint manipulation, and CVE-2025-8770, affecting Enterprise Edition merge request approval policies.
These vulnerabilities highlight systemic issues with GitLab’s access control mechanisms across multiple components.
GitLab strongly recommends immediate upgrades for all self-managed installations, as GitLab.com already runs patched versions.
The security fixes follow GitLab’s standard disclosure timeline, with vulnerability details becoming public 30 days after patch release.
Single-node installations will experience downtime during upgrades due to required database migrations, while multi-node deployments can implement zero-downtime upgrade procedures.
The patches include both regular migrations during upgrades and post-deploy migrations for versions 18.2.2, 18.1.4, and 18.0.6.
Organizations should prioritize these updates given the high severity of multiple vulnerabilities and the potential for account takeover attacks.
GitLab Dedicated customers require no action, as patches are automatically applied to their managed environments.
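For administrators of self-managed instances, the practical question is whether a given installed version already carries these fixes. The Ruby snippet below is an added example, not a GitLab tool: it encodes the three fixed releases named in this article (18.2.2, 18.1.4 and 18.0.6) and reports, for a version string, whether the instance is on a patched release, needs to move to the patched release of its line, or is on a release line this article does not cover. The `-ee`/`-ce` edition suffix handling is an assumption about how GitLab reports its version; the sample version strings are constructed.

```ruby
require "rubygems"

# Fixed releases per release line, taken from the advisory text in this article.
FIXED_VERSIONS = {
  "18.2" => "18.2.2",
  "18.1" => "18.1.4",
  "18.0" => "18.0.6",
}.freeze

# Normalise a GitLab version string to major.minor.patch.
# Assumption: GitLab may append an edition suffix such as "-ee"; it is stripped here.
def normalize_version(version_str)
  core = version_str.to_s.strip.split("-").first.to_s
  v = Gem::Version.new(core)
  raise ArgumentError, "expected major.minor.patch, got #{version_str.inspect}" unless v.segments.length == 3
  v
rescue ArgumentError => e
  raise ArgumentError, "invalid version #{version_str.inspect}: #{e.message}"
end

# Returns a hash with :status and :fixed_in.
#   :patched      - at or above the fixed release of its line
#   :vulnerable   - below the fixed release, or on a line older than 18.0 (which
#                   receives no fix and must move to a patched 18.x release)
#   :not_covered  - newer than the release lines this advisory names; check the
#                   corresponding release notes rather than assuming either way
def patch_status(version_str)
  v = normalize_version(version_str)
  line = "#{v.segments[0]}.#{v.segments[1]}"
  fixed = FIXED_VERSIONS[line]

  if fixed
    status = v >= Gem::Version.new(fixed) ? :patched : :vulnerable
    { status: status, fixed_in: fixed }
  elsif v < Gem::Version.new("18.0.0")
    { status: :vulnerable, fixed_in: "18.0.6 (or a newer patched line)" }
  else
    { status: :not_covered, fixed_in: nil }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample versions; on a real instance feed in the value reported by
  # the installation (for example from the /api/v4/version endpoint).
  %w[18.2.1-ee 18.2.2-ee 18.1.4 18.0.5 17.11.3 18.3.0].each do |ver|
    result = patch_status(ver)
    puts format("%-12s %-13s fixed_in=%s", ver, result[:status], result[:fixed_in].inspect)
  end
end
```

Note the distinction between `:vulnerable` and `:not_covered`: a version newer than 18.2.2 is not listed in this advisory, and the script refuses to guess, which is the right behaviour for any check that drives patching decisions.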