{"id":3550,"date":"2025-06-12T18:27:29","date_gmt":"2025-06-12T18:27:29","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3550"},"modified":"2025-06-12T18:27:29","modified_gmt":"2025-06-12T18:27:29","slug":"dangerous-vulnerability-in-gitlab-ultimate-enterprise-edition","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3550","title":{"rendered":"\u2018Dangerous\u2019 vulnerability in GitLab Ultimate Enterprise Edition"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A new vulnerability in GitLab\u2019s Ultimate Enterprise Edition used for managing source code is \u201cdangerous\u201d and needs to be quickly patched, says an expert.<\/p>\n<p>The vulnerability, CVE-2025-5121, is one of 10 described Wednesday by GitLab as it <a href=\"https:\/\/about.gitlab.com\/releases\/2025\/06\/11\/patch-release-gitlab-18-0-2-released\/#cve-2025-5121---missing-authorization-issue-impacts-gitlab-ultimate-ee\" target=\"_blank\" rel=\"noopener\">released bug and security fixes<\/a> for self-managed installations.<\/p>\n<p>\u201cWe strongly recommend that all self-managed GitLab installations be upgraded to one of these [patched] versions [18.0.2, 17.11.4, 17.10.8] immediately,\u201d the platform said. GitLab.com is already running the patched version, so GitLab Dedicated customers do not need to take action.<\/p>\n<p>Four of the vulnerabilities are rated as High severity.<\/p>\n<p><a href=\"https:\/\/www.sans.org\/profiles\/dr-johannes-ullrich\/\" target=\"_blank\" rel=\"noopener\">Johannes Ullrich<\/a>, dean of research at the SANS Institute, was particularly worried about CVE-2025-5121, a missing authorization issue. 
He described it as \u201cdangerous.\u201d If not patched, under certain conditions it can allow a successful attacker with authenticated access to a GitLab instance with a GitLab Ultimate license applied (paid customer or trial) to inject a malicious CI\/CD job into all future CI\/CD pipelines of any project.<\/p>\n<p>\u201cBy injecting a malicious job, an attacker would be able to compromise how software is built,\u201d Ullrich told CSO. \u201cThis could likely include adding backdoors to the software or skipping certain validation steps. The code will likely also have access to secrets used during the build process.\u201d<\/p>\n<p>Impacted versions\u00a0are GitLab Ultimate EE 17.11 prior to 17.11.4, and 18.0 before 18.0.2.\u00a0This vulnerability has been given a CVSS\u00a0score of 8.5.<\/p>\n<p>The other vulnerability Ullrich drew attention to is CVE-2025-4278, an HTML injection hole. He described it as essentially a cross site scripting vulnerability, but with more limited impact. GitLab gives it a CVSS score of 8.7.<\/p>\n<p>\u201cThe impact of these vulnerabilities is often difficult to assess,\u201d Ullrich said, \u201cbut creative attackers are often able to leverage them to trick users into performing dangerous actions on behalf of the attacker.\u201d<\/p>\n<p>GitLab says that, unless patched,\u00a0under certain conditions the flaw would allow a successful attacker to take over an account by injecting code into the search page.\u00a0<\/p>\n<p>All version 18.0 instances prior to 18.0.2 of Community and Enterprise editions are impacted.<\/p>\n<p>The other two vulnerabilities rated as High are:<\/p>\n<p>CVE-2025-2254, a cross-site scripting issue, which, under certain conditions, could allow an attacker to act like a legitimate user by injecting a malicious script into the snippet viewer.<br \/>All GitLab CE\/EE versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2 are impacted;<\/p>\n<p>CVE-2025-0673, a vulnerability that can cause 
a denial of service by triggering an infinite redirect loop, which would cause memory exhaustion on the GitLab server. Impacted versions\u00a0of GitLab CE\/EE are 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2.<\/p>\n<p>Three other denial of service vulnerabilities are listed, although they carry lower risk ratings.<\/p>\n<p>CVE-2025-1516, if unpatched, allows a successful attacker to deny access to legitimate users of the targeted system by generating tokens with sufficiently large names, <a><\/a>CVE-2025-1478 allows an attacker to deny access to legitimate users of the targeted system by crafting Board Names with sufficiently large sizes, and CVE-2025-5996 allows a denial of service by integrating a malicious third-party component into a GitLab project.<\/p>\n<p>Another patched vulnerability, CVE-2024-9515, could have allowed a successful attacker to clone a legitimate user\u2019s private repository by sending a timed clone request when a secondary node is out of sync. This hole has a CVSS score of 5.3.<\/p>\n<p>Robert Beggs, CEO of Canadian incident response firm Digital Defence, said that CSOs have to remember that GitLab isn\u2019t a passive folder where a user deposits and later retrieves data or source code. It\u2019s a complex application that supports the entire DevOps lifecycle, from planning through to deployment and monitoring.\u00a0To support this role, GitLab provides a large number of complex functions. 
This feature set increases the attack surface.\u00a0In combination with the complexity of the application, any misconfigurations or vulnerabilities could have a significant impact for users.<\/p>\n<p>\u201cAs with all applications, CSOs have to pay attention to vendor reports of vulnerabilities and any patches or upgrades to the application,\u201d he said in an email.\u00a0\u201cThey also have to be mindful of their own security hygiene and follow best practices for GitLab use.\u201d<\/p>\n<p>These include limiting access and access privileges to GitHub repositories \u2014 for example, ensuring that default visibility is set to Private \u2014 enabling multi-factor authentication for access and ensuring that passwords follow typical complexity rules, implementing role-based access controls and frequently reviewing access lists, implementing <a href=\"https:\/\/www.csoonline.com\/article\/564131\/what-is-ssl-how-ssl-certificates-enable-encrypted-communication.html\">SSL and TLS<\/a> certificates to secure communications, securing GitLab runners and pipeline variables, protecting the codebase by implementing branch protection rules and code signing, and more.<\/p>\n<p>More GitLab news:<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3992845\/prompt-injection-flaws-in-gitlab-duo-highlights-risks-in-ai-assistants.html\">Prompt injection flaws in GitLab Duo highlights risks in AI assistants<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A new vulnerability in GitLab\u2019s Ultimate Enterprise Edition used for managing source code is \u201cdangerous\u201d and needs to be quickly patched, says an expert. The vulnerability, CVE-2025-5121, is one of 10 described Wednesday by GitLab as it released bug and security fixes for self-managed installations. \u201cWe strongly recommend that all self-managed GitLab installations be upgraded [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":3551,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3550","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3550"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3550"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3550\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3551"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}