CVE-2025-4439

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab15.10 < 18.0.5affected
GitLabGitLab18.1 < 18.1.3affected
GitLabGitLab18.2 < 18.2.1affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References