CVE-2025-0314

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab17.2 < 17.6.4affected
GitLabGitLab17.7 < 17.7.3affected
GitLabGitLab17.8 < 17.8.1affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References